Joe Sandbox Cloud Basic Analysis Report
Create Interactive Tour

Windows Analysis Report
licensecrawler_setup.exe

Overview

General Information

Sample Name:licensecrawler_setup.exe
Analysis ID:753927
MD5:e7127c35fd5b4f803c83ce6ccec56b89
SHA1:c5e3af5f059d7d53711878b87e32d8c9c7e05dc5
SHA256:d96fa064822b2a93e39dc7b1546ede38a7d578682c5551d3be47b4b6fd4f4609
Infos:

Detection

Score:12
Range:0 - 100
Whitelisted:false
Confidence:60%

Signatures

Obfuscated command line found
Uses 32bit PE files
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Creates files inside the system directory
PE file contains sections with non-standard names
Found dropped PE file which has not been started or loaded
PE file contains executable resources (Code or Archives)

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox
Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")

Process Tree

  • System is w10x64
  • licensecrawler_setup.exe (PID: 6140 cmdline: C:\Users\user\Desktop\licensecrawler_setup.exe MD5: E7127C35FD5B4F803C83CE6CCEC56B89)
    • licensecrawler_setup.tmp (PID: 6124 cmdline: "C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp" /SL5="$802D4,2247177,721408,C:\Users\user\Desktop\licensecrawler_setup.exe" MD5: 84DB4B4205F705DA71471DC6ECC061F5)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

  • Compliance
  • Networking
  • System Summary
  • Data Obfuscation
  • Persistence and Installation Behavior
  • Hooking and other Techniques for Hiding and Protection
  • Malware Analysis System Evasion
  • Language, Device and Operating System Detection

Click to jump to signature section

Show All Signature Results
Source: licensecrawler_setup.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: licensecrawler_setup.exeStatic PE information: certificate valid
Source: licensecrawler_setup.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: olepro32.pdb source: licensecrawler_setup.tmp, 00000001.00000003.290802023.00000000052B8000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: asycfilt.pdb source: licensecrawler_setup.tmp, 00000001.00000003.290802023.00000000052B8000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: msvcrt40.pdbGCTL source: licensecrawler_setup.tmp, 00000001.00000003.290802023.00000000052B8000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: oleaut32.pdbUGP source: licensecrawler_setup.tmp, 00000001.00000003.290802023.00000000052B8000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: comcat.pdb source: licensecrawler_setup.tmp, 00000001.00000003.290802023.00000000052B8000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: msvcrt40.pdb source: licensecrawler_setup.tmp, 00000001.00000003.290802023.00000000052B8000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: comcat.pdbGCTL source: licensecrawler_setup.tmp, 00000001.00000003.290802023.00000000052B8000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: oleaut32.pdb source: licensecrawler_setup.tmp, 00000001.00000003.290802023.00000000052B8000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: asycfilt.pdbGCTL source: licensecrawler_setup.tmp, 00000001.00000003.290802023.00000000052B8000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: olepro32.pdbGCTL source: licensecrawler_setup.tmp, 00000001.00000003.290802023.00000000052B8000.00000004.00001000.00020000.00000000.sdmp
Source: licensecrawler_setup.tmp, 00000001.00000003.290802023.00000000052B8000.00000004.00001000.00020000.00000000.sdmp, licensecrawler_setup.exe, is-AP8UM.tmp.1.drString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: licensecrawler_setup.tmp, 00000001.00000003.290802023.00000000052B8000.00000004.00001000.00020000.00000000.sdmp, licensecrawler_setup.exe, is-AP8UM.tmp.1.drString found in binary or memory: http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
Source: licensecrawler_setup.tmp, 00000001.00000003.290802023.00000000052B8000.00000004.00001000.00020000.00000000.sdmp, licensecrawler_setup.exe, is-AP8UM.tmp.1.drString found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: licensecrawler_setup.tmp, 00000001.00000003.290802023.00000000052B8000.00000004.00001000.00020000.00000000.sdmp, licensecrawler_setup.exe, is-AP8UM.tmp.1.drString found in binary or memory: http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
Source: licensecrawler_setup.tmp, 00000001.00000003.290802023.00000000052B8000.00000004.00001000.00020000.00000000.sdmp, licensecrawler_setup.exe, is-AP8UM.tmp.1.drString found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: licensecrawler_setup.tmp, 00000001.00000003.290802023.00000000052B8000.00000004.00001000.00020000.00000000.sdmp, licensecrawler_setup.exe, is-AP8UM.tmp.1.drString found in binary or memory: http://ocsp.comodoca.com0
Source: licensecrawler_setup.tmp, 00000001.00000003.290802023.00000000052B8000.00000004.00001000.00020000.00000000.sdmp, licensecrawler_setup.exe, is-AP8UM.tmp.1.drString found in binary or memory: http://ocsp.sectigo.com0
Source: licensecrawler_setup.exe, 00000000.00000003.242474602.000000007FC40000.00000004.00001000.00020000.00000000.sdmp, licensecrawler_setup.exe, 00000000.00000003.242130331.0000000002480000.00000004.00001000.00020000.00000000.sdmp, licensecrawler_setup.tmp, 00000001.00000000.244022148.0000000000401000.00000020.00000001.01000000.00000004.sdmp, licensecrawler_setup.tmp.0.dr, is-H8UC8.tmp.1.drString found in binary or memory: http://www.innosetup.com/
Source: licensecrawler_setup.exeString found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: is-AP8UM.tmp.1.drString found in binary or memory: http://www.klinzmann.name
Source: licensecrawler_setup.tmp, 00000001.00000003.290520131.00000000051B0000.00000004.00001000.00020000.00000000.sdmp, is-AP8UM.tmp.1.drString found in binary or memory: http://www.klinzmann.name/lc_info_v0125.htm
Source: licensecrawler_setup.tmp, 00000001.00000003.290520131.00000000051B0000.00000004.00001000.00020000.00000000.sdmp, is-AP8UM.tmp.1.drString found in binary or memory: http://www.klinzmann.name/lc_reginfo.htmlThe
Source: licensecrawler_setup.tmp, 00000001.00000003.290520131.00000000051B0000.00000004.00001000.00020000.00000000.sdmp, is-AP8UM.tmp.1.drString found in binary or memory: http://www.klinzmann.name/order_licensecrawler.html$Registered_Details
Source: licensecrawler_setup.tmp, 00000001.00000003.290520131.00000000051B0000.00000004.00001000.00020000.00000000.sdmp, is-AP8UM.tmp.1.drString found in binary or memory: http://www.klinzmann.name/pm_info_v01_de.htmXhttp://www.klinzmann.name/pm_info_v01_en.htmThttp://www
Source: licensecrawler_setup.tmp, 00000001.00000003.293243488.000000000236B000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.kymoto.org
Source: licensecrawler_setup.exe, 00000000.00000003.241749390.0000000002480000.00000004.00001000.00020000.00000000.sdmp, licensecrawler_setup.exe, 00000000.00000003.294998271.00000000021CC000.00000004.00001000.00020000.00000000.sdmp, licensecrawler_setup.tmp, 00000001.00000003.245116437.0000000002B40000.00000004.00001000.00020000.00000000.sdmp, licensecrawler_setup.tmp, 00000001.00000003.293280476.000000000237A000.00000004.00001000.00020000.00000000.sdmp, licensecrawler_setup.tmp, 00000001.00000003.292472035.0000000002BFC000.00000004.00001000.00020000.00000000.sdmp, is-H8UC8.tmp.1.drString found in binary or memory: http://www.kymoto.orgAbout
Source: licensecrawler_setup.exe, 00000000.00000003.295009277.00000000021E1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.kymoto.orgqJi
Source: licensecrawler_setup.exe, 00000000.00000003.242474602.000000007FC40000.00000004.00001000.00020000.00000000.sdmp, licensecrawler_setup.exe, 00000000.00000003.242130331.0000000002480000.00000004.00001000.00020000.00000000.sdmp, licensecrawler_setup.tmp, 00000001.00000000.244022148.0000000000401000.00000020.00000001.01000000.00000004.sdmp, licensecrawler_setup.tmp.0.dr, is-H8UC8.tmp.1.drString found in binary or memory: http://www.remobjects.com/ps
Source: licensecrawler_setup.tmp, 00000001.00000003.290802023.00000000052B8000.00000004.00001000.00020000.00000000.sdmp, licensecrawler_setup.exe, is-AP8UM.tmp.1.drString found in binary or memory: https://sectigo.com/CPS0
Source: licensecrawler_setup.tmp, 00000001.00000003.290802023.00000000052B8000.00000004.00001000.00020000.00000000.sdmp, licensecrawler_setup.exe, is-AP8UM.tmp.1.drString found in binary or memory: https://sectigo.com/CPS0D
Source: licensecrawler_setup.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: is-7EM95.tmp.1.drStatic PE information: No import functions for PE file found
Source: licensecrawler_setup.exe, 00000000.00000003.295082092.0000000002208000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekernel32j% vs licensecrawler_setup.exe
Source: licensecrawler_setup.exe, 00000000.00000000.241550185.00000000004B8000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFileName vs licensecrawler_setup.exe
Source: licensecrawler_setup.exe, 00000000.00000003.242474602.000000007FC40000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameshfolder.dll~/ vs licensecrawler_setup.exe
Source: licensecrawler_setup.exe, 00000000.00000003.242130331.0000000002480000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameshfolder.dll~/ vs licensecrawler_setup.exe
Source: licensecrawler_setup.exeBinary or memory string: OriginalFileName vs licensecrawler_setup.exe
Source: C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmpFile created: C:\Windows\SysWOW64\is-7EM95.tmpJump to behavior
Source: is-H8UC8.tmp.1.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-H8UC8.tmp.1.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: C:\Users\user\Desktop\licensecrawler_setup.exeFile read: C:\Users\user\Desktop\licensecrawler_setup.exeJump to behavior
Source: C:\Users\user\Desktop\licensecrawler_setup.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: C:\Users\user\Desktop\licensecrawler_setup.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Users\user\Desktop\licensecrawler_setup.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\licensecrawler_setup.exe C:\Users\user\Desktop\licensecrawler_setup.exe
Source: C:\Users\user\Desktop\licensecrawler_setup.exeProcess created: C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp "C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp" /SL5="$802D4,2247177,721408,C:\Users\user\Desktop\licensecrawler_setup.exe"
Source: C:\Users\user\Desktop\licensecrawler_setup.exeProcess created: C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp "C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp" /SL5="$802D4,2247177,721408,C:\Users\user\Desktop\licensecrawler_setup.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmpKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32Jump to behavior
Source: LicenseCrawler.lnk.1.drLNK file: ..\..\..\Program Files (x86)\LicenseCrawler\LicenseCrawler.exe
Source: C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmpFile created: C:\Program Files (x86)\LicenseCrawlerJump to behavior
Source: licensecrawler_setup.tmp, 00000001.00000003.290520131.00000000051B0000.00000004.00001000.00020000.00000000.sdmp, is-AP8UM.tmp.1.drBinary or memory string: pP&A@pP*\AF:\SourceCode\LicenseCrawler_Aktuell\LicenseCrawler.vbp
Source: C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmpFile created: C:\Users\user\AppData\Local\ProgramsJump to behavior
Source: C:\Users\user\Desktop\licensecrawler_setup.exeFile created: C:\Users\user\AppData\Local\Temp\is-JONDA.tmpJump to behavior
Source: licensecrawler_setup.exeString found in binary or memory: /LOADINF="filename"
Source: classification engineClassification label: clean12.winEXE@3/48@0/0
Source: C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganizationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmpFile read: C:\Program Files (x86)\desktop.iniJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwnerJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmpAutomated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmpAutomated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmpAutomated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmpAutomated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmpWindow found: window name: TMainFormJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: licensecrawler_setup.exeStatic file information: File size 2954648 > 1048576
Source: licensecrawler_setup.exeStatic PE information: certificate valid
Source: licensecrawler_setup.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: olepro32.pdb source: licensecrawler_setup.tmp, 00000001.00000003.290802023.00000000052B8000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: asycfilt.pdb source: licensecrawler_setup.tmp, 00000001.00000003.290802023.00000000052B8000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: msvcrt40.pdbGCTL source: licensecrawler_setup.tmp, 00000001.00000003.290802023.00000000052B8000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: oleaut32.pdbUGP source: licensecrawler_setup.tmp, 00000001.00000003.290802023.00000000052B8000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: comcat.pdb source: licensecrawler_setup.tmp, 00000001.00000003.290802023.00000000052B8000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: msvcrt40.pdb source: licensecrawler_setup.tmp, 00000001.00000003.290802023.00000000052B8000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: comcat.pdbGCTL source: licensecrawler_setup.tmp, 00000001.00000003.290802023.00000000052B8000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: oleaut32.pdb source: licensecrawler_setup.tmp, 00000001.00000003.290802023.00000000052B8000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: asycfilt.pdbGCTL source: licensecrawler_setup.tmp, 00000001.00000003.290802023.00000000052B8000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: olepro32.pdbGCTL source: licensecrawler_setup.tmp, 00000001.00000003.290802023.00000000052B8000.00000004.00001000.00020000.00000000.sdmp

Data Obfuscation

barindex
Source: C:\Users\user\Desktop\licensecrawler_setup.exeProcess created: C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp "C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp" /SL5="$802D4,2247177,721408,C:\Users\user\Desktop\licensecrawler_setup.exe"
Source: C:\Users\user\Desktop\licensecrawler_setup.exeProcess created: C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp "C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp" /SL5="$802D4,2247177,721408,C:\Users\user\Desktop\licensecrawler_setup.exe" Jump to behavior
Source: licensecrawler_setup.exeStatic PE information: section name: .didata
Source: is-H8UC8.tmp.1.drStatic PE information: section name: .didata
Source: C:\Users\user\Desktop\licensecrawler_setup.exeFile created: C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmpFile created: C:\Program Files (x86)\LicenseCrawler\is-H8UC8.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmpFile created: C:\Program Files (x86)\LicenseCrawler\unins000.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmpFile created: C:\Program Files (x86)\LicenseCrawler\is-AP8UM.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmpFile created: C:\Windows\SysWOW64\MSCmCDE.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmpFile created: C:\Program Files (x86)\LicenseCrawler\LicenseCrawler.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmpFile created: C:\Windows\SysWOW64\is-7EM95.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmpFile created: C:\Users\user\AppData\Local\Temp\is-V7MGQ.tmp\_isetup\_setup64.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmpFile created: C:\Windows\SysWOW64\MSCmCDE.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmpFile created: C:\Windows\SysWOW64\is-7EM95.tmpJump to dropped file
Source: C:\Users\user\Desktop\licensecrawler_setup.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmpDropped PE file which has not been started: C:\Program Files (x86)\LicenseCrawler\unins000.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmpDropped PE file which has not been started: C:\Program Files (x86)\LicenseCrawler\is-H8UC8.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmpDropped PE file which has not been started: C:\Program Files (x86)\LicenseCrawler\is-AP8UM.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmpDropped PE file which has not been started: C:\Windows\SysWOW64\MSCmCDE.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmpDropped PE file which has not been started: C:\Program Files (x86)\LicenseCrawler\LicenseCrawler.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmpDropped PE file which has not been started: C:\Windows\SysWOW64\is-7EM95.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-V7MGQ.tmp\_isetup\_setup64.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmpProcess information queried: ProcessInformationJump to behavior
Source: is-AP8UM.tmp.1.drBinary or memory string: Community ist der sepago Way of work and life.<BR><BR>Erfahren Sie auf unserem IT-Blog alles rund um die sepago Kernthemen Citrix, Microsoft und VMware.<BR><BR>Profitieren Sie von dem Know-how unserer IT-Experten und finden Sie die L
Source: C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmpQueries volume information: C:\ VolumeInformationJump to behavior

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid Accounts12
Command and Scripting Interpreter		Path Interception1
Process Injection		22
Masquerading		OS Credential Dumping1
Security Software Discovery		Remote ServicesData from Local SystemExfiltration Over Other Network MediumData ObfuscationEavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS Memory1
Process Discovery		Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothJunk DataExploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)1
Deobfuscate/Decode Files or Information		Security Account Manager2
System Owner/User Discovery		SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationSteganographyExploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Binary PaddingNTDS1
File and Directory Discovery		Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA Secrets11
System Information Discovery		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 753927 Sample: licensecrawler_setup.exe Startdate: 25/11/2022 Architecture: WINDOWS Score: 12 5 licensecrawler_setup.exe 2 2->5         started        file3 12 C:\Users\user\...\licensecrawler_setup.tmp, Unknown 5->12 dropped 22 Obfuscated command line found 5->22 9 licensecrawler_setup.tmp 30 36 5->9         started        signatures4 process5 file6 14 C:\Windows\SysWOW64\is-7EM95.tmp, PE32 9->14 dropped 16 C:\Windows\SysWOW64\MSCmCDE.dll (copy), PE32 9->16 dropped 18 C:\Users\user\AppData\Local\...\_setup64.tmp, PE32+ 9->18 dropped 20 4 other files (none is malicious) 9->20 dropped

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
licensecrawler_setup.exe1%VirustotalBrowse
licensecrawler_setup.exe4%ReversingLabs

Dropped Files

SourceDetectionScannerLabelLink
C:\Program Files (x86)\LicenseCrawler\LicenseCrawler.exe (copy)0%ReversingLabs
C:\Program Files (x86)\LicenseCrawler\is-AP8UM.tmp0%ReversingLabs
C:\Program Files (x86)\LicenseCrawler\is-H8UC8.tmp4%ReversingLabs
C:\Program Files (x86)\LicenseCrawler\unins000.exe (copy)4%ReversingLabs
C:\Users\user\AppData\Local\Temp\is-V7MGQ.tmp\_isetup\_setup64.tmp0%ReversingLabs
C:\Windows\SysWOW64\MSCmCDE.dll (copy)0%ReversingLabs
C:\Windows\SysWOW64\is-7EM95.tmp0%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://www.innosetup.com/0%URL Reputationsafe
http://www.innosetup.com/0%URL Reputationsafe
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t0%URL Reputationsafe
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t0%URL Reputationsafe
https://sectigo.com/CPS00%URL Reputationsafe
http://ocsp.sectigo.com00%URL Reputationsafe
http://www.kymoto.orgAbout0%URL Reputationsafe
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#0%URL Reputationsafe
https://sectigo.com/CPS0D0%URL Reputationsafe
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s0%URL Reputationsafe
http://www.remobjects.com/ps0%URL Reputationsafe
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#0%URL Reputationsafe
http://www.klinzmann.name/pm_info_v01_de.htmXhttp://www.klinzmann.name/pm_info_v01_en.htmThttp://www0%Avira URL Cloudsafe
http://www.klinzmann.name/lc_info_v0125.htm0%Avira URL Cloudsafe
http://www.klinzmann.name/lc_reginfo.htmlThe0%Avira URL Cloudsafe
http://www.klinzmann.name/order_licensecrawler.html$Registered_Details0%Avira URL Cloudsafe
http://www.kymoto.orgqJi0%Avira URL Cloudsafe
http://www.klinzmann.name0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

No contacted domains info
NameSourceMaliciousAntivirus DetectionReputation
http://www.innosetup.com/licensecrawler_setup.exe, 00000000.00000003.242474602.000000007FC40000.00000004.00001000.00020000.00000000.sdmp, licensecrawler_setup.exe, 00000000.00000003.242130331.0000000002480000.00000004.00001000.00020000.00000000.sdmp, licensecrawler_setup.tmp, 00000001.00000000.244022148.0000000000401000.00000020.00000001.01000000.00000004.sdmp, licensecrawler_setup.tmp.0.dr, is-H8UC8.tmp.1.drfalse
  • URL Reputation: safe
  • URL Reputation: safe
unknown
http://www.klinzmann.name/pm_info_v01_de.htmXhttp://www.klinzmann.name/pm_info_v01_en.htmThttp://wwwlicensecrawler_setup.tmp, 00000001.00000003.290520131.00000000051B0000.00000004.00001000.00020000.00000000.sdmp, is-AP8UM.tmp.1.drfalse
  • Avira URL Cloud: safe
unknown
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0tlicensecrawler_setup.tmp, 00000001.00000003.290802023.00000000052B8000.00000004.00001000.00020000.00000000.sdmp, licensecrawler_setup.exe, is-AP8UM.tmp.1.drfalse
  • URL Reputation: safe
  • URL Reputation: safe
unknown
https://sectigo.com/CPS0licensecrawler_setup.tmp, 00000001.00000003.290802023.00000000052B8000.00000004.00001000.00020000.00000000.sdmp, licensecrawler_setup.exe, is-AP8UM.tmp.1.drfalse
  • URL Reputation: safe
unknown
http://ocsp.sectigo.com0licensecrawler_setup.tmp, 00000001.00000003.290802023.00000000052B8000.00000004.00001000.00020000.00000000.sdmp, licensecrawler_setup.exe, is-AP8UM.tmp.1.drfalse
  • URL Reputation: safe
unknown
http://www.klinzmann.name/lc_reginfo.htmlThelicensecrawler_setup.tmp, 00000001.00000003.290520131.00000000051B0000.00000004.00001000.00020000.00000000.sdmp, is-AP8UM.tmp.1.drfalse
  • Avira URL Cloud: safe
unknown
http://www.kymoto.orgqJilicensecrawler_setup.exe, 00000000.00000003.295009277.00000000021E1000.00000004.00001000.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://www.klinzmann.name/order_licensecrawler.html$Registered_Detailslicensecrawler_setup.tmp, 00000001.00000003.290520131.00000000051B0000.00000004.00001000.00020000.00000000.sdmp, is-AP8UM.tmp.1.drfalse
  • Avira URL Cloud: safe
unknown
http://www.klinzmann.name/lc_info_v0125.htmlicensecrawler_setup.tmp, 00000001.00000003.290520131.00000000051B0000.00000004.00001000.00020000.00000000.sdmp, is-AP8UM.tmp.1.drfalse
  • Avira URL Cloud: safe
unknown
http://www.kymoto.orgAboutlicensecrawler_setup.exe, 00000000.00000003.241749390.0000000002480000.00000004.00001000.00020000.00000000.sdmp, licensecrawler_setup.exe, 00000000.00000003.294998271.00000000021CC000.00000004.00001000.00020000.00000000.sdmp, licensecrawler_setup.tmp, 00000001.00000003.245116437.0000000002B40000.00000004.00001000.00020000.00000000.sdmp, licensecrawler_setup.tmp, 00000001.00000003.293280476.000000000237A000.00000004.00001000.00020000.00000000.sdmp, licensecrawler_setup.tmp, 00000001.00000003.292472035.0000000002BFC000.00000004.00001000.00020000.00000000.sdmp, is-H8UC8.tmp.1.drfalse
  • URL Reputation: safe
unknown
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#licensecrawler_setup.tmp, 00000001.00000003.290802023.00000000052B8000.00000004.00001000.00020000.00000000.sdmp, licensecrawler_setup.exe, is-AP8UM.tmp.1.drfalse
  • URL Reputation: safe
unknown
http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupUlicensecrawler_setup.exefalse
    		high
    https://sectigo.com/CPS0Dlicensecrawler_setup.tmp, 00000001.00000003.290802023.00000000052B8000.00000004.00001000.00020000.00000000.sdmp, licensecrawler_setup.exe, is-AP8UM.tmp.1.drfalse
    • URL Reputation: safe
    		unknown
    http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0slicensecrawler_setup.tmp, 00000001.00000003.290802023.00000000052B8000.00000004.00001000.00020000.00000000.sdmp, licensecrawler_setup.exe, is-AP8UM.tmp.1.drfalse
    • URL Reputation: safe
    		unknown
    http://www.kymoto.orglicensecrawler_setup.tmp, 00000001.00000003.293243488.000000000236B000.00000004.00001000.00020000.00000000.sdmpfalse
      		high
      http://www.remobjects.com/pslicensecrawler_setup.exe, 00000000.00000003.242474602.000000007FC40000.00000004.00001000.00020000.00000000.sdmp, licensecrawler_setup.exe, 00000000.00000003.242130331.0000000002480000.00000004.00001000.00020000.00000000.sdmp, licensecrawler_setup.tmp, 00000001.00000000.244022148.0000000000401000.00000020.00000001.01000000.00000004.sdmp, licensecrawler_setup.tmp.0.dr, is-H8UC8.tmp.1.drfalse
      • URL Reputation: safe
      		unknown
      http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#licensecrawler_setup.tmp, 00000001.00000003.290802023.00000000052B8000.00000004.00001000.00020000.00000000.sdmp, licensecrawler_setup.exe, is-AP8UM.tmp.1.drfalse
      • URL Reputation: safe
      		unknown
      http://www.klinzmann.nameis-AP8UM.tmp.1.drfalse
      • Avira URL Cloud: safe
      		unknown

      World Map of Contacted IPs

      No contacted IP infos

      General Information

      Joe Sandbox Version:36.0.0 Rainbow Opal
      Analysis ID:753927
      Start date and time:2022-11-25 16:26:13 +01:00
      Joe Sandbox Product:CloudBasic
      Overall analysis duration:0h 5m 9s
      Hypervisor based Inspection enabled:false
      Report type:full
      Sample file name:licensecrawler_setup.exe
      Cookbook file name:default.jbs
      Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
      Number of analysed new started processes analysed:13
      Number of new started drivers analysed:0
      Number of existing processes analysed:0
      Number of existing drivers analysed:0
      Number of injected processes analysed:0
      Technologies:
      • HCA enabled
      • EGA enabled
      • HDC enabled
      • AMSI enabled
      Analysis Mode:default
      Analysis stop reason:Timeout
      Detection:CLEAN
      Classification:clean12.winEXE@3/48@0/0
      EGA Information:Failed
      HDC Information:Failed
      HCA Information:
      • Successful, ratio: 100%
      • Number of executed functions: 0
      • Number of non-executed functions: 0
      Cookbook Comments:
      • Found application associated with file extension: .exe
      • Exclude process from analysis (whitelisted): MpCmdRun.exe, SgrmBroker.exe, conhost.exe, svchost.exe
      • Excluded domains from analysis (whitelisted): fs.microsoft.com
      • Not all processes where analyzed, report is missing behavior information
      • Report size getting too big, too many NtOpenKeyEx calls found.
      • Report size getting too big, too many NtQueryValueKey calls found.

      Simulations

      Behavior and APIs

      No simulations

      Joe Sandbox View / Context

      IPs

      No context

      Domains

      No context

      ASNs

      No context

      JA3 Fingerprints

      No context

      Dropped Files

      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
      C:\Users\user\AppData\Local\Temp\is-V7MGQ.tmp\_isetup\_setup64.tmpfile.exeGet hashmaliciousBrowse
        file.exeGet hashmaliciousBrowse
          SecuriteInfo.com.Trojan.Siggen18.59138.29444.26902.exeGet hashmaliciousBrowse
            file.exeGet hashmaliciousBrowse
              https://www.asap-utilities.com/Get hashmaliciousBrowse
                file.exeGet hashmaliciousBrowse
                  file.exeGet hashmaliciousBrowse
                    https://www.msr.ch/media/downloads/pcsoftware/MSR175_d2022-08-25_vs1-02-39.zipGet hashmaliciousBrowse
                      file.exeGet hashmaliciousBrowse
                        file.exeGet hashmaliciousBrowse
                          https://github.com/greenshot/greenshot/releases/download/Greenshot-RELEASE-1.2.10.6/Greenshot-INSTALLER-1.2.10.6-RELEASE.exeGet hashmaliciousBrowse
                            https://github.com/greenshot/greenshot/releases/download/Greenshot-RELEASE-1.2.10.6/Greenshot-INSTALLER-1.2.10.6-RELEASE.exeGet hashmaliciousBrowse
                              https://github.com/greenshot/greenshot/releases/download/Greenshot-RELEASE-1.2.10.6/Greenshot-INSTALLER-1.2.10.6-RELEASE.exeGet hashmaliciousBrowse
                                GpPP25HfBe.exeGet hashmaliciousBrowse
                                  MSDisplay_MultiDev_v1.0.0.18.0.exeGet hashmaliciousBrowse
                                    sfk.exeGet hashmaliciousBrowse
                                      setup_installer.exeGet hashmaliciousBrowse
                                        install_setup.exeGet hashmaliciousBrowse
                                          file.exeGet hashmaliciousBrowse
                                            file.exeGet hashmaliciousBrowse

                                              Created / dropped Files

                                              C:\Program Files (x86)\LicenseCrawler\Arabc.lc (copy)

                                              Download File
                                              Process:C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp
                                              File Type:Generic INItialization configuration [TEXT]
                                              Category:dropped
                                              Size (bytes):3323
                                              Entropy (8bit):5.914618261220392
                                              Encrypted:false
                                              SSDEEP:48:Q6ZVcMWLIf4zQmAiiU+osf5i5KYSm1pf1mq8s7PWz0dYIzT2o/2g1hP/fBZQeD2s:tZVcVLGm8dLs7smT2Q+m
                                              MD5:7D07F52A2A01910EB855B76CD53AAD59
                                              SHA1:A39DAF444F21440ADE97D2AC6B1333345289BBE3
                                              SHA-256:09352FB761F19F077FC9BD59EFE868689853368C97CC0ED47444C190B4972886
                                              SHA-512:D9E1A2C7597FB8D07016FD153C56ED9A4E9D7D98456FB9EB0172E167488EB64743E6A4840FE63D08279894CF457A2344E19CC0FDCE94550323DF73D96544365F
                                              Malicious:false
                                              Reputation:low
                                              Preview:[Common]..CONTROL=LicenseCrawler..Flag=%app.path%\de.gif..Name=Arabc..ID=AR..Version=1.6..[TEXT].."MAIN.MSG.SAVE_SETTTINGS= ""... .........?""".."MAIN.CMD.ACCEPT= ""....""".."MAIN.CMD.DENY= ""...""".."MAIN.CMD.SEARCH= ""...""".."MAIN.CMD.EXIT= ""....""".."MAIN.CMD.OK="".....""".."MAIN.LB.COMPUTER="".....""".."MAIN.LB.SEARCHING=""..... .. .....:""".."MAIN.TXT.STATUS="".... ... .. .... .....""".."MAIN.CHK.HIGHSPEED=""... ...... ..... ......""".."MAIN.CHK.64BIT=""64 Bit scan""".."MAIN.MSG.REGISTERED_MEMBERS_ONLY=""...... ... ..... www.klinzmann.name ... <BR><BR> (.. ...... ........)<BR> ... ...... ...... ... .. ...... .......""".."MAIN.MSG.BLACKLIST_LIMITATION=""...... ... ..... www.klinzmann.name ... <BR><BR> (.. ...... ........)<BR> ... ....... ....... ..... ....... ..... ....""".."MAIN.CHK.ENABLE_BLACKLIST=""...... ....... .......""".."MAIN.TAB.FILE=""...""".."MAIN.TAB.HELP=""......""".."MAIN.MENU.SAVE=""...""".."MAIN.MENU.SAVE_ENCRYPTED=""... ....... """.."MAIN.MENU.SAVE_PROPERTIES=""

                                              C:\Program Files (x86)\LicenseCrawler\Chinese_Simplified.lc (copy)

                                              Download File
                                              Process:C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp
                                              File Type:Generic INItialization configuration [TEXT]
                                              Category:dropped
                                              Size (bytes):2700
                                              Entropy (8bit):6.4305364922450154
                                              Encrypted:false
                                              SSDEEP:48:QATsa2L4AI8u9aydPIyoznSJqaz9Bf/deE1W1S0oLESjvUUzaeCu1GC:NsavA6aEeSJq20AES1epuoC
                                              MD5:4282FF7E302DF8B4A0E245A3B36C279C
                                              SHA1:3FD6228D105D780D45B03D55ED68304FE7F8BB1B
                                              SHA-256:1DC0D1CEBFA30BEE5542B1C62D98B52060C83279AFDDC6836640A95A30B06566
                                              SHA-512:D268F8817256C666FB41846AF9E480E613629C4F4469E420F9170595B00ED42714D3E268808D7D19DB48A73EC16C45FA6BC161CBEEA9EB877AAA952ED0678961
                                              Malicious:false
                                              Reputation:low
                                              Preview:[Common]..CONTROL=LicenseCrawler..Flag=%app.path%\de.gif..Name=Chinese Simplified..ID=CHN..Version=1.6....[TEXT]..MAIN.MSG.SAVE_SETTTINGS= "........?"..MAIN.CMD.ACCEPT= "..."..MAIN.CMD.DENY= "..."..MAIN.CMD.SEARCH= "...."..MAIN.CMD.EXIT= "..."..MAIN.CMD.OK="..."..MAIN.LB.COMPUTER="....."..MAIN.LB.SEARCHING=".......:"..MAIN.TXT.STATUS="............."..MAIN.CHK.HIGHSPEED="......."..MAIN.CHK.64BIT="64...."..MAIN.MSG.REGISTERED_MEMBERS_ONLY="..................<BR><BR>............ www.klinzmann.name ."..MAIN.MSG.BLACKLIST_LIMITATION=".......................<BR>(..........)<BR><BR>............ www.klinzmann.name ."..MAIN.CHK.ENABLE_BLACKLIST="............"..MAIN.TAB.FILE="..."..MAIN.TAB.HELP="...."..MAIN.MENU.SAVE="...."..MAIN.MENU.SAVE_ENCRYPTED="......."..MAIN.MENU.SAVE_PROPERTIES="........"..MAIN.MENU.LOAD="...."..MAIN.MENU.EXIT="..."..MAIN.MENU.MANUAL_ENTRY="......."..MAIN.MENU.ADOBE_PRODUCT_INFORMATIONS="Adobe ......"..MAIN.MENU.BLACKLIST_FILTERS="...

                                              C:\Program Files (x86)\LicenseCrawler\Danish.lc (copy)

                                              Download File
                                              Process:C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp
                                              File Type:Generic INItialization configuration [TEXT]
                                              Category:dropped
                                              Size (bytes):12596
                                              Entropy (8bit):5.441638251755029
                                              Encrypted:false
                                              SSDEEP:192:kohtoouCbfSKtzw9tzwKbZErEg0kQkTkI5CPtf2uis2Nkh+8AE7iHGhDpTJT/rQ2:kqai36R+DGtTuUiHG/tTcIT
                                              MD5:39E578C14C814A1812E95D41BAA785FE
                                              SHA1:FF3B00DFBB9EA11E7718D6BA9A2C993513187A6D
                                              SHA-256:F50142DEFFA6954BA54EECD19665F0DAD04F940A7AF9463069A08CDE7AE45552
                                              SHA-512:8A477C2DDFAAD05F90D0EF2C1DEDED199EEDE9FD7E600E17F487DFA23635325684970B8459B844B37FE4BDA317AA45A8AE6F4EB8F1A1C659C2A9944DF24BB09A
                                              Malicious:false
                                              Reputation:low
                                              Preview:[Common]..CONTROL=LicenseCrawler..Flag=Flag..Name=OEMLANG..ID=OE..Version=1.31........[TEXT]..MAIN.MSG.SAVE_SETTTINGS=Gem Indstillinger?..MAIN.CMD.ACCEPT=Godkend..MAIN.CMD.DENY=Afvis..MAIN.CMD.SEARCH=S.g..MAIN.CMD.EXIT=Afslut..MAIN.CMD.OK=OK..MAIN.LB.COMPUTER=Computer..MAIN.LB.SEARCHING=S.ge Tast:..MAIN.TXT.STATUS=Tryk tast og start s.gning..MAIN.CHK.HIGHSPEED=Hurtig skanning..MAIN.CHK.64BIT=64 Bit skan..MAIN.MSG.REGISTERED_MEMBERS_ONLY=Denne egenskab er kun tilg.ngelig i licens udgaven.<BR><BR>Bes.g www.klinzmann.navn for at f. din licens...MAIN.MSG.BLACKLIST_LIMITATION=Blacklist filter underst.tter kun to adgange<BR>(Begr.nsninger i den gratis version)<BR><BR>Bes.g www.klinzmann.navn for at f. din licens...MAIN.CHK.ENABLE_BLACKLIST=Blacklist Filter..MAIN.TAB.FILE=Fil..MAIN.TAB.HELP=Hj.lp..MAIN.MENU.SAVE=Gem..MAIN.MENU.SAVE_ENCRYPTED=Gem Krypteret..MAIN.MENU.SAVE_PROPERTIES=Gem Egenskaber..MAIN.MENU.LOAD=Indl.s..MAIN.MENU.EXIT=Afslut..MAIN.MENU.MANUAL_ENTRY=Manuel Indgang..MAIN.MENU.A

                                              C:\Program Files (x86)\LicenseCrawler\Dutch.lc (copy)

                                              Download File
                                              Process:C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp
                                              File Type:Generic INItialization configuration [TEXT]
                                              Category:dropped
                                              Size (bytes):2679
                                              Entropy (8bit):5.4858142408234984
                                              Encrypted:false
                                              SSDEEP:48:6x05LfmBbz8El/USAY0r2i1C1ewY7Uf2D2ijc1:6y5LfmR8Y/KXh7Uf2VQ1
                                              MD5:2C7A9CF960AC8763046DD18A61DC1D82
                                              SHA1:917DBB2870EB0133914115D94C79CB0B4AE37EA2
                                              SHA-256:C4137FACFB7EEE4FF6CF91A5210B313F7C44D944942F5E7D5331582D353DFDD7
                                              SHA-512:9E6B31C68483A51A2E08D0CC37CA96D1CCA49EF4F1B7076CCC51C777A665A22B1698A65BEAFC296142937C0A68F88F669A6945EF7B7B7410D34DBC7705F7EEE7
                                              Malicious:false
                                              Reputation:low
                                              Preview:[Common]..CONTROL=LicenseCrawler..Name=Dutch..ID=NL..Version=1.8......[TEXT]..MAIN.MSG.SAVE_SETTTINGS="Instellingen opslaan?"..MAIN.CMD.ACCEPT="Accepteren"..MAIN.CMD.DENY="Weigeren"..MAIN.CMD.SEARCH="Zoeken"..MAIN.CMD.EXIT="Exit"..MAIN.CMD.OK="OK"..MAIN.LB.COMPUTER="Computer"..MAIN.LB.SEARCHING="Zoekt sleutel:"..MAIN.TXT.STATUS="Druk op de knop om te beginnen met zoeken"..MAIN.CHK.HIGHSPEED="Hoge snelheid scan"..MAIN.CHK.64BIT="64 Bit scan"..MAIN.TAB.FILE="Bestand"..MAIN.TAB.HELP="Help"..MAIN.MENU.SAVE="Opslaan"..MAIN.MENU.SAVE_ENCRYPTED="Encrypted Opslaan"..MAIN.MENU.SAVE_PROPERTIES="Instellingen opslaan"..MAIN.MENU.LOAD="Laden"..MAIN.MENU.EXIT="Exit"..MAIN.MENU.MANUAL_ENTRY="Handmatige Ingave"..MAIN.MENU.ADOBE_PRODUCT_INFORMATIONS="Adobe Product Informations"..MAIN.MENU.DECODE_ENCODE="Decode / Encode"..MAIN.MENU.HELP="Help"..MAIN.MENU.HOMEPAGE="Bezoek Homepage"..MAIN.MENU.ABOUT="Op LicenseCrawler"..MAIN.MENU.LANGUAGE="Taal (Language)"..MAIN.MENU.EULA="Licentievoorwaarden"..PROC.LB.SE

                                              C:\Program Files (x86)\LicenseCrawler\English.lc (copy)

                                              Download File
                                              Process:C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp
                                              File Type:Generic INItialization configuration [EULA]
                                              Category:dropped
                                              Size (bytes):4549
                                              Entropy (8bit):5.431604538714182
                                              Encrypted:false
                                              SSDEEP:48:QRirIlTBWTpLARyF1YKH5SthGxItFiDxavbJhgKUQbSIL/IA2i1N1VI3cMdYIzT3:qiYTBWuOZStMx4Oa9QQr6cBmT2QHWWj
                                              MD5:8BE2996EFB53E0DBFED3EE25BF4E0844
                                              SHA1:19C628CC817E6EB3F8904CD254A996EF164B0D46
                                              SHA-256:42407721E119EC66C6A644E11AA08BA18E290732EDC9BD11C391D92A0144C07D
                                              SHA-512:181C7162B44F53403198C85179F8E94A2145C2D84687871A4E6B4DE5C5078893C211934644F8CB919B259DF99F2583351B0A8664118734A648387B52F88B1C53
                                              Malicious:false
                                              Reputation:low
                                              Preview:[Common]..CONTROL=LicenseCrawler..Flag=%app.path%\de.gif..Name=English..ID=EN..Version=1.6....[EULA]..<#@APP.HEADER@#><#@HELP.ABOUT@#>..For new versions and other interesting tools please contact:.. www.klinzmann.name.. E-Mail: info@klinzmann.name<BR>..License Agreement:..You are free to share, to copy, distribute, transmit and use the..LicenseCrawler for non-commercial purposes...If you are interested in commercial versions, please send us an Email...<BR>Private use for free!!<BR>..If you find a minute, please make a picture of your town and send me..a mail so that i can see where the LicenseCrawler live. ;-)..<BR>The LicenseCrawler is provided 'as is' and 'used as seen'. No expression as to fitness of purpose is made. The decision as to whether to use these LicenseCrawler is yours alone. By choosing to use the LicenseCrawler, you accept full responsibility for any liability arising out of their use. You are liable for any damages whatsoever, including but not limited to, any dama

                                              C:\Program Files (x86)\LicenseCrawler\Finnish.lc (copy)

                                              Download File
                                              Process:C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp
                                              File Type:Generic INItialization configuration [EULA]
                                              Category:dropped
                                              Size (bytes):14417
                                              Entropy (8bit):5.393111287798899
                                              Encrypted:false
                                              SSDEEP:192:nAoWy5xEidZrZ75OGTdlpBs8vxgXBvlwWIEoWuQHtssFv1Wne0z5LY5m:AUvJ5OCL27TgQH1a
                                              MD5:4CB21FD558091782110C493BDFB49177
                                              SHA1:78D9F97B3D5BD097296A8412557C090783920652
                                              SHA-256:529695C4C6DC098EE4493FA589EA87D08E2C18099F4779ACBA4FFC0006138121
                                              SHA-512:31D60368325CD4E3CE3D7C15571F205270C95FD154AEA375BB0A68ED3497EF1AE2EC82A9CADF5C87248D73D556E58FC8A9B98BC3BC4D9D6B56346BF6FE17EDB3
                                              Malicious:false
                                              Reputation:low
                                              Preview:[Common]..Control=LicenseCrawler..Flag=Flag..Name=FINNISH..ID=FIN..Version=1.47..[EULA]..<#@APP.HEADER@#><#@HELP.ABOUT@#>..Uusista versioista ja muista kiinnostavista ty.kaluista, ota yhteytt.:.. www.klinzmann.name.. E-Mail: info@klinzmann.name<BR>..Liisenssi Ehdot:..Voit vapaasti jakaa, kopioida, levitt.., v.litt.. ja k.ytt....LicenseCrawleria ei-kaupallisiin tarkoituksiin...Jos olet kiinnostunut kaupallisesta versiosta, l.het. meille s.hk.postia...<BR>VAPAASTI Yksityisk.yt.ss. !!<BR>..Jos sinulla on hetki aikaa, tee kuva omasta kaupungistasi ja l.het. se minulle..s.hk.postilla jotta voin n.hd., miss. LicenseCrawleria k.ytet..n. ;-)..<BR>LicenseCrawler tarjotaan "sellaisenaan" ja "k.ytet..n n.htyn.". Testi. ohjelman k.ytett.vyydest. tarkoituksen ei ole tehty. P..t.s siit. k.yt.tk. LicenseCrawleria on yksin sinun. K.ytt.m.ll. LicenseCrawleria, otat t.yden vastuun haitoista ohjelman k.yt.ss.. Olet vastuussa kaikesta vahingosta, mukaan lukien rajoitukset jotka johtuvat huolimattomuu

                                              C:\Program Files (x86)\LicenseCrawler\French.lc (copy)

                                              Download File
                                              Process:C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp
                                              File Type:Generic INItialization configuration [EULA]
                                              Category:dropped
                                              Size (bytes):9697
                                              Entropy (8bit):5.470321147197518
                                              Encrypted:false
                                              SSDEEP:192:CV8AA/RxDnOlpP6GWPGlcB3/xEnqRn4xGSfSB6xK/XHUcqpHz:K8r1nOlpyrhB3lR4xaB6xKqpT
                                              MD5:A5C3AFDE2B1043EDC740DFE04C2BF78A
                                              SHA1:A1019425DD4F515B13D6C6DF300295826BC6479C
                                              SHA-256:699A77A6589415B014060D69A8DBD6FB70CD2E4864395C40F00A3961F691FEB5
                                              SHA-512:5886A454076CC5AB1D1595405C67FD6BE04C42E18E4BAE7B21E912ABF5C1551BE313817FB8F47437F8544868CA8F8FC9D68258FB23D9A0FCEA250C1410B7172D
                                              Malicious:false
                                              Reputation:low
                                              Preview:[Common]..CONTROL=LicenseCrawler..Flag=%app.path%\de.gif..Name=French..ID=FR..Version=2.1....[EULA]..<#@APP.HEADER@#><#@HELP.ABOUT@#>..Pour les nouvelles versions et autres outils int.ressants, veuillez contacter:<BR>.. www.klinzmann.name<BR>.. E-Mail: info@klinzmann.name<BR><BR>..Contrat de licence:<BR>..Vous .tes libre de partager, de copier, de distribuer, de transmettre et d'utiliser<BR>..LicenseCrawler . des fins non commerciales...Si vous .tes int.ress. par les versions commerciales, veuillez nous envoyer un E-mail.<BR>..<BR>Utilisation priv.e gratuite!!<BR>..Si vous avez une minute, faites une photo de votre ville et envoyez-moi..un E-mail pour que je puisse voir o. vit le LicenseCrawler. ;-)..<BR>LicenseCrawler est fourni 'tel quel' et 'utilis. tel que vu'. Aucune expression quant . l'aptitude . l'emploi n'est faite. La d.cision d'utiliser ou non ces LicenseCrawler n'appartient qu'. vous. En choisissant d'utiliser LicenseCrawler, vous acceptez l'enti.re responsabilit. de to

                                              C:\Program Files (x86)\LicenseCrawler\German.lc (copy)

                                              Download File
                                              Process:C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp
                                              File Type:Generic INItialization configuration [EULA]
                                              Category:dropped
                                              Size (bytes):6411
                                              Entropy (8bit):5.438413582325186
                                              Encrypted:false
                                              SSDEEP:192:qXodnk9FBf/azOEnuN5DJSh2oW9ubTlybpx:q59FBaz7ush2mTEb7
                                              MD5:1C0D04C7D13ED6BD15CA90E9A7F0F422
                                              SHA1:F56F19A2647751889F1E73456219F1AC77690466
                                              SHA-256:DC7E0DC1758546DB3FDD937519FDE99CAEE7A91EF9842D23F1D99906F2FA27FA
                                              SHA-512:996D4DDF892E5242A5380613010E45815920C4798E69FE84942E6678C1953BF32C04F5250B70AF765C963ABDB31A3C1E2F4DB56C9010A60871740037D50A2F8D
                                              Malicious:false
                                              Reputation:low
                                              Preview:[Common]..CONTROL=LicenseCrawler..Name=Deutsch..ID=DE..Version=1.6....[EULA]..<#@APP.HEADER@#><#@HELP.ABOUT@#>..Lizenzbedingungen:<BR>..Gewerbliche / Komerzeille Nutzung<BR>..Eine Lizenz f.r gewerbliche / kommerzielle Nutzung erhalten Sie auf unserer Homepage www.klinzmann.name<BR>..<BR>..Private Nutzung<BR>..Privatanwender k.nnen den LicenseCrawler kostenlos verwenden!<BR>..Sie haben aber auch als Privatanwender die M.glichkeit eine Private Lizenz zu kaufen...Jede Lizenz unterst.tzt dieses Projekt und sorgt daf.r, dass der LicenseCrawler weiterentwickelt wird.<BR>..Es w.rde uns freuen von Ihnen ein Foto aus Ihrer Heimat zu bekommen. ..Es interessiert uns sehr, wo der LicenseCrawler ein neues Zuhause gefunden hat.<BR>..<BR>..Presse und Online Platformen<BR>..Die Verbreitung dieser Software ist erlaubt.<BR>..Das ver.ffentlichen des LicenseCrawler in Magazinen, Download Plattformen und Datentr.gern ist erlaubt. <BR>..<BR>..Das Herunterladen und die Verwendung des Progamms erfolgt auf eig

                                              C:\Program Files (x86)\LicenseCrawler\Hungarian.lc (copy)

                                              Download File
                                              Process:C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp
                                              File Type:Generic INItialization configuration [TEXT]
                                              Category:dropped
                                              Size (bytes):2816
                                              Entropy (8bit):5.699138169490688
                                              Encrypted:false
                                              SSDEEP:48:QBtUh79BdvsU8cQU+SS27e+Cc1k1/ZC4yMI3Qb/W/UFDRfc2:sKh79B97f54Y4rFfH
                                              MD5:486719572DDB2CE6BBFBDE65BEB415AD
                                              SHA1:95B9A31AFDF80039FED7373F1911A2B93B89528B
                                              SHA-256:CBD4BCFA643CD22430FD0C7EBE89BECBCAB2EEABEC10995C452B6DB68F18FFAC
                                              SHA-512:4AF52006B5BBCC1AF9D05BBF49202ED8C89B14330908D518A68BDCCC55BF8E8FF5740B1A1595CB78F85E9E7BB48EBCD711CA0369A6A98C4829565BAF5AD2E635
                                              Malicious:false
                                              Reputation:low
                                              Preview:[Common]..CONTROL=LicenseCrawler..Flag=%app.path%\hu.gif..Name=Hungarian..ID=HU..Version=1.6......[TEXT]..MAIN.MSG.SAVE_SETTTINGS= "Mentse a be.ll.t.sokat?"..MAIN.CMD.ACCEPT= "Elfogad"..MAIN.CMD.DENY= "Elutas.t"..MAIN.CMD.SEARCH= "Keres.s"..MAIN.CMD.EXIT= "Kil.p.s"..MAIN.CMD.OK="OK"..MAIN.LB.COMPUTER="Sz.m.t.g.p"..MAIN.LB.SEARCHING="Kulcs keres.se:"..MAIN.TXT.STATUS="Kattints a gombra a kezd.shez"..MAIN.CHK.HIGHSPEED="Gyorskeres.s"..MAIN.CHK.64BIT="64 bites keres.s"..MAIN.TAB.FILE="F.jl"..MAIN.TAB.HELP="S.g."..MAIN.MENU.SAVE="Ment.s"..MAIN.MENU.SAVE_ENCRYPTED="Titkos.tott ment.s"..MAIN.MENU.SAVE_PROPERTIES="Tulajdons.gok ment.se"..MAIN.MENU.LOAD="Bet.lt"..MAIN.MENU.EXIT="Kil.p.s"..MAIN.MENU.MANUAL_ENTRY="K.zi bejegyz.s"..MAIN.MENU.ADOBE_PRODUCT_INFORMATIONS="Adobe Product Informations"..MAIN.MENU.DECODE_ENCODE="K.dol.s \ Dek.dol.s"..MAIN.MENU.HELP="S.g."..MAIN.MENU.HOMEPAGE="Honlap megl.togat.sa"..MAIN.MENU.ABOUT="N.vjegy"..MAIN.MENU.LANGUAGE="Nyelv"..MAIN.MENU.EULA="Licensz"..PROC.LB.

                                              C:\Program Files (x86)\LicenseCrawler\Italian.lc (copy)

                                              Download File
                                              Process:C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp
                                              File Type:Generic INItialization configuration [EULA]
                                              Category:dropped
                                              Size (bytes):5921
                                              Entropy (8bit):5.329619776648303
                                              Encrypted:false
                                              SSDEEP:96:haiOI9GyhAb8qOCBOk5wDqmMhJgJPbXUO/V5mzEc3va7x0QmT2Qlo52:h3O4qOCBO7qmM8JPjU25mz0GQmT2n2
                                              MD5:6E3A4564A97FFAC7EE61CDB33F3F0629
                                              SHA1:5D74FE98AE636AFC05CE2DDE01BE5E5AFED76064
                                              SHA-256:B571ADDF0D5D8C9C931398D59B8E7CF13794B7C43864008BBAC762E4A3B32BE3
                                              SHA-512:D85CF064153AEB0C8C98A78AB11A183FDA8E1CF57205C014AEE0BA5011BABC12F6C146532B6F1FD1AF70BF9638A1138307F2522E74253E2A2C5D4ABD4189AE3D
                                              Malicious:false
                                              Preview:[Common]..CONTROL=LicenseCrawler..Flag=%app.path%\it.gif..Name=Italian..ID=IT..Version=1.6....[EULA]..<#@APP.HEADER@#><#@HELP.ABOUT@#>..Per nuova versioni e altri programmi interessanti contattate:.. www.klinzmann.name.. E-Mail: info@klinzmann.name<BR>..Accordo di licenza:..Siete liberi di condividere, copiare, distribuire, trasmettere e usare..LicenseCrawler per scopi non commerciali...Se siete interessati alle versioni commerciali, inviateci un'Email...<BR>L'uso personale . gratuito!!<BR>..Se avete un minuto, fate una foto alla vostra citt. e inviatemi..unaa mail in modo da vedere dove abita LicenseCrawler. ;-)..<BR>LicenseCrawler . fornito 'cos. com'.' e 'usato come lo vedete'. Non viene fatta nessuna espressione di adattamento per uno scopo. La decisione su se e come usare LicenseCrawler spetta a voi solamente. Scegliendo di usare LicenseCrawler, accettate la piena responsabilit. per qualsiasi reato derivante dal suo uso. Siete responsabili per qualsiasi danno in qualunque form

                                              C:\Program Files (x86)\LicenseCrawler\Japanese.lc (copy)

                                              Download File
                                              Process:C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp
                                              File Type:Generic INItialization configuration [EULA]
                                              Category:dropped
                                              Size (bytes):5260
                                              Entropy (8bit):6.213140969038756
                                              Encrypted:false
                                              SSDEEP:96:N84mYnl367V4hDHEM/phvFSQoIUx4xgAuyUvnVfKhcG2QZeYZM:NqANfVUqxgNfQhR2sM
                                              MD5:86B5A98BEEE186AE79CC9E064514BAB8
                                              SHA1:D06347B735998229AA0EC44797A23481EF71533F
                                              SHA-256:12C07BE9700841E07FB8D24C274FFFB51B88ABBCC77C5391B8B1D47234F97582
                                              SHA-512:C0144C4E4149117A5AFDB1DA14E5176A1D22E682917F4856FE8225575654E46CC2CE6FAE8F7F8E4ECC5C3695A180B5DD9E0F16AE975845A7A6FF6086ECC53703
                                              Malicious:false
                                              Preview:[Common]..CONTROL=LicenseCrawler..Flag=%app.path%\de.gif..Name=Japanese..ID=JP..Version=1.6....[EULA]..<#@APP.HEADER@#><#@HELP.ABOUT@#>............................ .......:.. www.klinzmann.name.. E-Mail: info@klinzmann.name<BR>...................................................LicenseCrawler............................E..............<BR>.............<BR>..If you find a minute, please make a picture of your town and send me..a mail so that i can see where the LicenseCrawler live. ;-)..<BR>LicenseCrawler......................... ..................... ....LicenseCrawler......................

                                              C:\Program Files (x86)\LicenseCrawler\LicenseCrawler.exe (copy)

                                              Download File
                                              Process:C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp
                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                              Category:dropped
                                              Size (bytes):1115416
                                              Entropy (8bit):5.754014151164735
                                              Encrypted:false
                                              SSDEEP:24576:GKbHrqj7wgMFeu5N/Uo8vsHbYrOXkYjsuer:dHrqj7y8mNhkYjsug
                                              MD5:5B7AD92F6EE50DF4134111EC3C652A24
                                              SHA1:EEDAD711FB3938F56B6C922B7AE28E33B2CFD092
                                              SHA-256:C0115B092F17D8356E957DD83FA7DFB8722D26097318FDF33640119CDF25B522
                                              SHA-512:150CDF518A162D74E58487D8CA5C51A264D417F0E0A04957885E578EBA4AC0C8468405BD702D58493F6F63D5D2840CB23306A1542718AFDDC009661FB67F58D1
                                              Malicious:false
                                              Antivirus:
                                              • Antivirus: ReversingLabs, Detection: 0%
                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........_.K.>...>...>..l"...>...!...>...!...>..Rich.>..........PE..L...q.~b.................`...........G.......p....@..........................p..............................................d^..(.......l]...............%..................................................(... ....................................text....].......`.................. ..`.data........p.......p..............@....rsrc...l].......`..................@..@..^............MSVBVM60.DLL....................................................................................................................................................................................................................................................................................................................................................................................................................................

                                              C:\Program Files (x86)\LicenseCrawler\LicenseCrawler.ini (copy)

                                              Download File
                                              Process:C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp
                                              File Type:Generic INItialization configuration [cmd_default]
                                              Category:dropped
                                              Size (bytes):93
                                              Entropy (8bit):4.751750081650309
                                              Encrypted:false
                                              SSDEEP:3:XvMPAXtE/hEr3IlDBlv+GhxLE2ovktX7vn:k4XtEheIZHxrLEX+7v
                                              MD5:16C6D14345F1192FDCDC7D534F3AFB73
                                              SHA1:77802A521D8C9EEF1CC8333C9DAAB4C49CEF1448
                                              SHA-256:6B4491161B46F7BABD33A79139411EB909F8AD1BA52834F788A18AD1F7C9EDE1
                                              SHA-512:24678FFDAE562593BD80F81AE2578F0C103FD0172A712BE3FD5A7FC3B83BF2C084013AD09F5818BCE0535FA32062B76FC2E6EF130C13E87283E594A84A0ECF7B
                                              Malicious:false
                                              Preview:[common]..LogFileFolder=%app.path%..[cmd_default]..[cmd_additional]..-SKIP_LicensingProduct..

                                              C:\Program Files (x86)\LicenseCrawler\Pt-Br.lc (copy)

                                              Download File
                                              Process:C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp
                                              File Type:Generic INItialization configuration [TEXT]
                                              Category:dropped
                                              Size (bytes):2622
                                              Entropy (8bit):5.533186227439477
                                              Encrypted:false
                                              SSDEEP:48:QzYmPIrVIStT2qy2i1N1VqKSdAqSa7YB26Kkb1:0YmQrVJiqS0Y9KK1
                                              MD5:57BE0CA4AC5B2FDEF75690BC6575071D
                                              SHA1:7A815809E67EEE38D825F5F98F5AB1414D25F097
                                              SHA-256:B2D06B0860EB329B53A9C07F4FB50E7D2C4B38CAF28D8D1FE89E3E5120D5F820
                                              SHA-512:59A86FE7783B6AAECE3420E731F48FD5E97A19A52D6D3E50813B1A2EC11DA164EC04ECAD228E512DE17186B7FCA108B0AF387EAF0CAD3D616B990E2A0C2416D5
                                              Malicious:false
                                              Preview:[Common]..CONTROL=LicenseCrawler..Flag=%app.path%\de.gif..Name=Portugues Brasil..ID=Pt-Br..Version=1.6......[TEXT]..MAIN.MSG.SAVE_SETTTINGS= "Salvar Configura..es?"..MAIN.CMD.ACCEPT= "Aceitar"..MAIN.CMD.DENY= "Negar"..MAIN.CMD.SEARCH= "Procurar"..MAIN.CMD.EXIT= "Sair"..MAIN.CMD.OK="OK"..MAIN.LB.COMPUTER="Computador"..MAIN.LB.SEARCHING="Procurando chave:"..MAIN.TXT.STATUS="Clicar no bot.o para iniciar a busca"..MAIN.CHK.HIGHSPEED="Scan r.pido"..MAIN.CHK.64BIT="64 Bit scan"..MAIN.TAB.FILE="Arquivo"..MAIN.TAB.HELP="Ajuda"..MAIN.MENU.SAVE="Salvar"..MAIN.MENU.SAVE_ENCRYPTED="Salvar encripta..o"..MAIN.MENU.LOAD="Carregar"..MAIN.MENU.EXIT="Sair"..MAIN.MENU.MANUAL_ENTRY="Entrada manual"..MAIN.MENU.ADOBE_PRODUCT_INFORMATIONS="Adobe Product Informations"..MAIN.MENU.DECODE_ENCODE="Decode / Encode"..MAIN.MENU.HELP="Ajuda"..MAIN.MENU.HOMEPAGE="Visite Homepage"..MAIN.MENU.ABOUT="Sobre"..MAIN.MENU.LANGUAGE="Idioma"..MAIN.MENU.EULA="Termos da Licen.a"..PROC.LB.SEARCHING_COMPUTER="Localizando Computado

                                              C:\Program Files (x86)\LicenseCrawler\Russian.lc (copy)

                                              Download File
                                              Process:C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp
                                              File Type:Generic INItialization configuration [TEXT]
                                              Category:dropped
                                              Size (bytes):13640
                                              Entropy (8bit):6.129876438496049
                                              Encrypted:false
                                              SSDEEP:192:4KGdfV7nyFgS+rEou/YuwhvvCA/TVwg0IDxefGLaNRNtU/OAtHvMb2t7QaDy:4KipnmoaTwhiuzpERbT
                                              MD5:E236F04597FBA91F069220326E0CCA6F
                                              SHA1:3D9801A36A39B429C17583F8763E3F012AD5E1E1
                                              SHA-256:A3D7484AAC7550A887C2004B9298D3092CB6FDF995A9C7463979005D40737491
                                              SHA-512:7CBE4ECD4E45A81974057B1C7FA33386126EC9A326DAE7F952911982BE3D4569188AFFAC61FA50DB92505290BA76A852D7220EFEDA07544687BA4BAE6187409E
                                              Malicious:false
                                              Preview:[Common]..CONTROL=LicenseCrawler..Flag=%app.path%\de.gif..Name=Russian..ID=RU..Version=1.28......[TEXT]..MAIN.MSG.SAVE_SETTTINGS=......... .........?..MAIN.CMD.ACCEPT=..........MAIN.CMD.DENY=.. ..........MAIN.CMD.SEARCH=&...... .......MAIN.CMD.EXIT=.......MAIN.CMD.OK=OK..MAIN.LB.COMPUTER=...........MAIN.LB.SEARCHING=..... .:..MAIN.TXT.STATUS=....... ...... ".....", ..... ......... .......MAIN.MSG.REGISTERED_MEMBERS_ONLY=...... ... ..............MAIN.MSG.BLACKLIST_LIMITATION=...... ....... ...... ............ ...... 2-. ......<BR>(........... .......... ......)<BR><BR>... ......... ........ ........ ....: www.klinzmann.name ...WHITELIST.CAPTION=....... ...... ........WHITELIST.CMD.CLOSE=.........WHITELIST.CMD.DEFAULTS=.. ...........NETBATCH.LISTVIEW.COMPUTERNAME=... ............NETBATCH.LISTVIEW.USERNAME=... ..............NETBATCH.LISTVIEW.STATUS=...........NETBATCH.CMD.CLOSE=.........NETBATCH.CMD.SCAN=.............NETBATCH.CMD.IMPORTEXPORT=....../.........NETBATCH.LISTVIEW.PASSWORD=..

                                              C:\Program Files (x86)\LicenseCrawler\Serbian.lc (copy)

                                              Download File
                                              Process:C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp
                                              File Type:Algol 68 source, Unicode text, UTF-16, little-endian text, with very long lines (880), with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):5644
                                              Entropy (8bit):3.8452954437582942
                                              Encrypted:false
                                              SSDEEP:96:rahfXYsnf7GuPcEdI9Xgn9lasqwepBVjuecOXlDOQgeOR32Soh5H2dppuuO0AONN:GhfTxPcsI9XArxjepBVjuecOXlDOQge0
                                              MD5:5727841E55989227C74D2213C30564FE
                                              SHA1:A97E08AFCD84BF2EA420AAD9A94FAF3E720F9AFF
                                              SHA-256:0473480ED58B378558A94F68E69D03F33E16C563523D6DB3BD0E1B20B24C0790
                                              SHA-512:1E2E5DCF25DA0D97E6EC6388BFD9A6EF2F652FF51F572CE70E3401F5C3386E17A2A322C0C82DD749B395C9D3E2F759F88171747A1BD577149F15237A1F620E86
                                              Malicious:false
                                              Preview:..[.C.o.m.m.o.n.].....C.O.N.T.R.O.L.=.L.i.c.e.n.s.e.C.r.a.w.l.e.r.....F.l.a.g.=.%.a.p.p...p.a.t.h.%.\.s.r...g.i.f.....N.a.m.e.=.S.e.r.b.i.a.n.....I.D.=.S.R.....V.e.r.s.i.o.n.=.1...6.............[.T.E.X.T.].....M.A.I.N...M.S.G...S.A.V.E._.S.E.T.T.T.I.N.G.S.=. .".S.a...u.v.a.j. .p.o.d.e.a.a.v.a.n.j.a.?.".....M.A.I.N...C.M.D...A.C.C.E.P.T.=. .".P.r.i.h.v.a.t.i.".....M.A.I.N...C.M.D...D.E.N.Y.=. .".P.o.n.i.a.t.i.".....M.A.I.N...C.M.D...S.E.A.R.C.H.=. .".T.r.a.~.i.".....M.A.I.N...C.M.D...E.X.I.T.=. .".I.z.l.a.z.".....M.A.I.N...C.M.D...O.K.=.".U. .r.e.d.u.".....M.A.I.N...L.B...C.O.M.P.U.T.E.R.=.".R.a...u.n.a.r.".....M.A.I.N...L.B...S.E.A.R.C.H.I.N.G.=.".P.r.e.t.r.a.~.i.v.a.n.j.e.:.".....M.A.I.N...T.X.T...S.T.A.T.U.S.=.".P.r.i.t.i.s.n.i. .d.u.g.m.e. .z.a. .p.o...e.t.a.k. .p.r.e.t.r.a.g.e.".....M.A.I.N...C.H.K...H.I.G.H.S.P.E.E.D.=.".S.k.e.n.i.r.a.n.j.e. .v.e.l.i.k.o.m. .b.r.z.i.n.o.m.".....M.A.I.N...C.H.K...6.4.B.I.T.=.".6.4. .B.i.t.-.n.o. .s.k.e.n.i.r.a.n.j.e.".....M.A.I.N...T.A.B...F.I.L.E.

                                              C:\Program Files (x86)\LicenseCrawler\Spanish.lc (copy)

                                              Download File
                                              Process:C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp
                                              File Type:Generic INItialization configuration [TEXT]
                                              Category:dropped
                                              Size (bytes):2623
                                              Entropy (8bit):5.507897835463148
                                              Encrypted:false
                                              SSDEEP:48:QF86L3ARLQ2BMUmyMxoIc3cydy111bFdDVpVCdz4AmC8sKzf2DJrWuf1:p67ARQ2HmyMaOVHcdMr2JrWO1
                                              MD5:49046F6685E950324DCD0C155DB5B341
                                              SHA1:BCB9963280C962C3629A494FC9E041CD2C573481
                                              SHA-256:B80E6817F5BCD0BF202CD791CCCAFE72362A655D447EF24293CFF33B75B44F56
                                              SHA-512:701A0A240ADBC6253F19D3B0EAB168735857F8E027FA8171E92AFD59177B05E91C09DA4DDA8F08B34AB22A071473CBBC6CD11B72650C39178E57ACDB7AF9F235
                                              Malicious:false
                                              Preview:[Common]..CONTROL=LicenseCrawler..Flag=%app.path%\de.gif..Name=Spanish..ID=ES..Version=1.6......[TEXT]..MAIN.MSG.SAVE_SETTTINGS= ".Desea guardar los cambios?"..MAIN.CMD.ACCEPT= "Aceptar"..MAIN.CMD.DENY= "Denegar"..MAIN.CMD.SEARCH= "Buscar"..MAIN.CMD.EXIT= "Salir"..MAIN.CMD.OK="Aceptar"..MAIN.LB.COMPUTER="Ordenador"..MAIN.LB.SEARCHING="Buscando claves:"..MAIN.TXT.STATUS="Haz click en Buscar para iniciar la b.squeda"..MAIN.CHK.HIGHSPEED="Esc.n r.pido"..MAIN.CHK.64BIT="Esc.n 64 Bits"..MAIN.TAB.FILE="Archivo"..MAIN.TAB.HELP="Ayuda"..MAIN.MENU.SAVE="Guardar"..MAIN.MENU.SAVE_ENCRYPTED="Guardar Encriptado"..MAIN.MENU.SAVE_PROPERTIES=".Desea guardar los cambios"..MAIN.MENU.LOAD="Cargar"..MAIN.MENU.EXIT="Salir"..MAIN.MENU.MANUAL_ENTRY="Introducir manualmente"..MAIN.MENU.ADOBE_PRODUCT_INFORMATIONS="Adobe Product Informations"..MAIN.MENU.DECODE_ENCODE="Codificar / Decodificar"..MAIN.MENU.HELP="Ayuda"..MAIN.MENU.HOMEPAGE="Visitar Web"..MAIN.MENU.ABOUT="Acerca de"..MAIN.MENU.LANGUAGE="Idioma"..MAIN

                                              C:\Program Files (x86)\LicenseCrawler\Swedish.lc (copy)

                                              Download File
                                              Process:C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp
                                              File Type:Generic INItialization configuration [TEXT]
                                              Category:dropped
                                              Size (bytes):2538
                                              Entropy (8bit):5.6217069335888015
                                              Encrypted:false
                                              SSDEEP:48:QKBDoPFrr8NFFD0wvQfdh6MdSiPLiB1n1H4RqjRaJ49FfH6V1:/o9rr8ZD0wv+hho4AUJ8FPI1
                                              MD5:E2A4B35936E18471635C27E23C5EB8B8
                                              SHA1:DAB1D3C5E637FEC27F8FDA04FF2F782DA54E229C
                                              SHA-256:B56643690505932653872CE93AC3FDFCC8133C2C7E616DEFE61E1AEC9415FBD9
                                              SHA-512:8C8460D28B14A283FB216DC0F5C1607AFF30461602E5AA6FE0B4A00AE01CBA390630AEB6D1C7FAA3DB11863B8F5038E7317956CD8366A6984848EB4FD9DCA4DF
                                              Malicious:false
                                              Preview:[Common]..CONTROL=LicenseCrawler..Flag=%app.path%\sv.gif..Name=Swedish..ID=SV..Version=1.6......[TEXT]..MAIN.MSG.SAVE_SETTTINGS= "Spara inst.llningar?"..MAIN.CMD.ACCEPT= "Acceptera"..MAIN.CMD.DENY= "Neka"..MAIN.CMD.SEARCH= "S.k"..MAIN.CMD.EXIT= "Avsluta"..MAIN.CMD.OK="OK"..MAIN.LB.COMPUTER="Dator"..MAIN.LB.SEARCHING="Skannar:"..MAIN.TXT.STATUS="Tryck p. "S.k" f.r att starta skanning"..MAIN.CHK.HIGHSPEED="Snabbskanning"..MAIN.CHK.64BIT="64-bit skanning"..MAIN.TAB.FILE="Arkiv"..MAIN.TAB.HELP="Hj.lp"..MAIN.MENU.SAVE="Spara"..MAIN.MENU.SAVE_ENCRYPTED="Spara krypterat"..MAIN.MENU.SAVE_PROPERTIES="Spara inst.llningar"..MAIN.MENU.LOAD=".ppna"..MAIN.MENU.EXIT="Avsluta"..MAIN.MENU.MANUAL_ENTRY="Manuellt"..MAIN.MENU.LANGUAGE="Spr.k"..MAIN.MENU.DECODE_ENCODE="Kryptera/Dekryptera"..MAIN.MENU.ADOBE_PRODUCT_INFORMATIONS="Adobe Product Informations"..MAIN.MENU.HELP="Hj.lp"..MAIN.MENU.LICENSE_TERMS="Licensvillkor"..MAIN.MENU.HOMEPAGE="Bes.k hemsidan"..MAIN.MENU.ABOUT="Om"..PROC.LB.SEARCHING_COMPUTER="

                                              C:\Program Files (x86)\LicenseCrawler\Taiwan.lc (copy)

                                              Download File
                                              Process:C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp
                                              File Type:Generic INItialization configuration [TEXT]
                                              Category:dropped
                                              Size (bytes):2348
                                              Entropy (8bit):6.369098970659711
                                              Encrypted:false
                                              SSDEEP:48:QFYSCsRG3Kj454XLlvaMXLZe1i1bW0jK29Zp1:YYPsdj24XM0e29Zp1
                                              MD5:56D9432406AFE6A13D3E5D11DC7DBAB5
                                              SHA1:65A29E52518916B2A7A154263C08BC4ACA0F6DDB
                                              SHA-256:A3C9575B34F51B106CB843ED104D7477EA90DBA62B3076F2F3677061775394A6
                                              SHA-512:CA6066A64C5865F5CE5CF11892255F59F8CEE043923AEB63D0136BBC84C26B4304536DDEDDD0551F9F5F0BBCD4B3E3F44619790EC0A444EB73BC094E35B0DE8D
                                              Malicious:false
                                              Preview:[Common]..CONTROL=LicenseCrawler..Flag=%app.path%\de.gif..Name=Taiwan..ID=Cht..Version=1.6......[TEXT]..MAIN.MSG.SAVE_SETTTINGS= ".x.s.].w?"..MAIN.CMD.ACCEPT= "...."..MAIN.CMD.DENY= "..."..MAIN.CMD.SEARCH= ".j.M"..MAIN.CMD.EXIT= "...}"..MAIN.CMD.OK=".T.w"..MAIN.LB.COMPUTER=".q.."..MAIN.LB.SEARCHING=".j.M.K._:"..MAIN.TXT.STATUS="....j.M.s.A.}.l.j.M"..MAIN.CHK.HIGHSPEED="..t.j.M"..MAIN.CHK.64BIT="64...j.M"..MAIN.TAB.FILE="..."..MAIN.TAB.HELP="...."..MAIN.MENU.SAVE=".x.s"..MAIN.MENU.SAVE_ENCRYPTED=".[.K.x.s"..MAIN.MENU.SAVE_PROPERTIES=".x.s.S.."..MAIN.MENU.LOAD="...J"..MAIN.MENU.EXIT="...}"..MAIN.MENU.MANUAL_ENTRY="....J"..MAIN.MENU.DECODE_ENCODE="..X/.s.X"..MAIN.MENU.ADOBE_PRODUCT_INFORMATIONS="Adobe Product Informations"..MAIN.MENU.HELP="...."..MAIN.MENU.HOMEPAGE=".s......"..MAIN.MENU.ABOUT="......"..MAIN.MENU.LANGUAGE=".y.."..MAIN.MENU.EULA="...v...."..PROC.LB.SEARCHING_COMPUTER=".j.M.q.."..DEC_ENC.CMD.OK=".T.w"..DEC_ENC.CMD.CLOSE="...."..DEC_ENC.LB.SOURCE="...:"..DEC_ENC.LB

                                              C:\Program Files (x86)\LicenseCrawler\is-1G0GH.tmp

                                              Download File
                                              Process:C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp
                                              File Type:Generic INItialization configuration [TEXT]
                                              Category:dropped
                                              Size (bytes):2622
                                              Entropy (8bit):5.533186227439477
                                              Encrypted:false
                                              SSDEEP:48:QzYmPIrVIStT2qy2i1N1VqKSdAqSa7YB26Kkb1:0YmQrVJiqS0Y9KK1
                                              MD5:57BE0CA4AC5B2FDEF75690BC6575071D
                                              SHA1:7A815809E67EEE38D825F5F98F5AB1414D25F097
                                              SHA-256:B2D06B0860EB329B53A9C07F4FB50E7D2C4B38CAF28D8D1FE89E3E5120D5F820
                                              SHA-512:59A86FE7783B6AAECE3420E731F48FD5E97A19A52D6D3E50813B1A2EC11DA164EC04ECAD228E512DE17186B7FCA108B0AF387EAF0CAD3D616B990E2A0C2416D5
                                              Malicious:false
                                              Preview:[Common]..CONTROL=LicenseCrawler..Flag=%app.path%\de.gif..Name=Portugues Brasil..ID=Pt-Br..Version=1.6......[TEXT]..MAIN.MSG.SAVE_SETTTINGS= "Salvar Configura..es?"..MAIN.CMD.ACCEPT= "Aceitar"..MAIN.CMD.DENY= "Negar"..MAIN.CMD.SEARCH= "Procurar"..MAIN.CMD.EXIT= "Sair"..MAIN.CMD.OK="OK"..MAIN.LB.COMPUTER="Computador"..MAIN.LB.SEARCHING="Procurando chave:"..MAIN.TXT.STATUS="Clicar no bot.o para iniciar a busca"..MAIN.CHK.HIGHSPEED="Scan r.pido"..MAIN.CHK.64BIT="64 Bit scan"..MAIN.TAB.FILE="Arquivo"..MAIN.TAB.HELP="Ajuda"..MAIN.MENU.SAVE="Salvar"..MAIN.MENU.SAVE_ENCRYPTED="Salvar encripta..o"..MAIN.MENU.LOAD="Carregar"..MAIN.MENU.EXIT="Sair"..MAIN.MENU.MANUAL_ENTRY="Entrada manual"..MAIN.MENU.ADOBE_PRODUCT_INFORMATIONS="Adobe Product Informations"..MAIN.MENU.DECODE_ENCODE="Decode / Encode"..MAIN.MENU.HELP="Ajuda"..MAIN.MENU.HOMEPAGE="Visite Homepage"..MAIN.MENU.ABOUT="Sobre"..MAIN.MENU.LANGUAGE="Idioma"..MAIN.MENU.EULA="Termos da Licen.a"..PROC.LB.SEARCHING_COMPUTER="Localizando Computado

                                              C:\Program Files (x86)\LicenseCrawler\is-367F7.tmp

                                              Download File
                                              Process:C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp
                                              File Type:Generic INItialization configuration [TEXT]
                                              Category:dropped
                                              Size (bytes):12596
                                              Entropy (8bit):5.441638251755029
                                              Encrypted:false
                                              SSDEEP:192:kohtoouCbfSKtzw9tzwKbZErEg0kQkTkI5CPtf2uis2Nkh+8AE7iHGhDpTJT/rQ2:kqai36R+DGtTuUiHG/tTcIT
                                              MD5:39E578C14C814A1812E95D41BAA785FE
                                              SHA1:FF3B00DFBB9EA11E7718D6BA9A2C993513187A6D
                                              SHA-256:F50142DEFFA6954BA54EECD19665F0DAD04F940A7AF9463069A08CDE7AE45552
                                              SHA-512:8A477C2DDFAAD05F90D0EF2C1DEDED199EEDE9FD7E600E17F487DFA23635325684970B8459B844B37FE4BDA317AA45A8AE6F4EB8F1A1C659C2A9944DF24BB09A
                                              Malicious:false
                                              Preview:[Common]..CONTROL=LicenseCrawler..Flag=Flag..Name=OEMLANG..ID=OE..Version=1.31........[TEXT]..MAIN.MSG.SAVE_SETTTINGS=Gem Indstillinger?..MAIN.CMD.ACCEPT=Godkend..MAIN.CMD.DENY=Afvis..MAIN.CMD.SEARCH=S.g..MAIN.CMD.EXIT=Afslut..MAIN.CMD.OK=OK..MAIN.LB.COMPUTER=Computer..MAIN.LB.SEARCHING=S.ge Tast:..MAIN.TXT.STATUS=Tryk tast og start s.gning..MAIN.CHK.HIGHSPEED=Hurtig skanning..MAIN.CHK.64BIT=64 Bit skan..MAIN.MSG.REGISTERED_MEMBERS_ONLY=Denne egenskab er kun tilg.ngelig i licens udgaven.<BR><BR>Bes.g www.klinzmann.navn for at f. din licens...MAIN.MSG.BLACKLIST_LIMITATION=Blacklist filter underst.tter kun to adgange<BR>(Begr.nsninger i den gratis version)<BR><BR>Bes.g www.klinzmann.navn for at f. din licens...MAIN.CHK.ENABLE_BLACKLIST=Blacklist Filter..MAIN.TAB.FILE=Fil..MAIN.TAB.HELP=Hj.lp..MAIN.MENU.SAVE=Gem..MAIN.MENU.SAVE_ENCRYPTED=Gem Krypteret..MAIN.MENU.SAVE_PROPERTIES=Gem Egenskaber..MAIN.MENU.LOAD=Indl.s..MAIN.MENU.EXIT=Afslut..MAIN.MENU.MANUAL_ENTRY=Manuel Indgang..MAIN.MENU.A

                                              C:\Program Files (x86)\LicenseCrawler\is-4LQ6N.tmp

                                              Download File
                                              Process:C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp
                                              File Type:Generic INItialization configuration [TEXT]
                                              Category:dropped
                                              Size (bytes):2679
                                              Entropy (8bit):5.4858142408234984
                                              Encrypted:false
                                              SSDEEP:48:6x05LfmBbz8El/USAY0r2i1C1ewY7Uf2D2ijc1:6y5LfmR8Y/KXh7Uf2VQ1
                                              MD5:2C7A9CF960AC8763046DD18A61DC1D82
                                              SHA1:917DBB2870EB0133914115D94C79CB0B4AE37EA2
                                              SHA-256:C4137FACFB7EEE4FF6CF91A5210B313F7C44D944942F5E7D5331582D353DFDD7
                                              SHA-512:9E6B31C68483A51A2E08D0CC37CA96D1CCA49EF4F1B7076CCC51C777A665A22B1698A65BEAFC296142937C0A68F88F669A6945EF7B7B7410D34DBC7705F7EEE7
                                              Malicious:false
                                              Preview:[Common]..CONTROL=LicenseCrawler..Name=Dutch..ID=NL..Version=1.8......[TEXT]..MAIN.MSG.SAVE_SETTTINGS="Instellingen opslaan?"..MAIN.CMD.ACCEPT="Accepteren"..MAIN.CMD.DENY="Weigeren"..MAIN.CMD.SEARCH="Zoeken"..MAIN.CMD.EXIT="Exit"..MAIN.CMD.OK="OK"..MAIN.LB.COMPUTER="Computer"..MAIN.LB.SEARCHING="Zoekt sleutel:"..MAIN.TXT.STATUS="Druk op de knop om te beginnen met zoeken"..MAIN.CHK.HIGHSPEED="Hoge snelheid scan"..MAIN.CHK.64BIT="64 Bit scan"..MAIN.TAB.FILE="Bestand"..MAIN.TAB.HELP="Help"..MAIN.MENU.SAVE="Opslaan"..MAIN.MENU.SAVE_ENCRYPTED="Encrypted Opslaan"..MAIN.MENU.SAVE_PROPERTIES="Instellingen opslaan"..MAIN.MENU.LOAD="Laden"..MAIN.MENU.EXIT="Exit"..MAIN.MENU.MANUAL_ENTRY="Handmatige Ingave"..MAIN.MENU.ADOBE_PRODUCT_INFORMATIONS="Adobe Product Informations"..MAIN.MENU.DECODE_ENCODE="Decode / Encode"..MAIN.MENU.HELP="Help"..MAIN.MENU.HOMEPAGE="Bezoek Homepage"..MAIN.MENU.ABOUT="Op LicenseCrawler"..MAIN.MENU.LANGUAGE="Taal (Language)"..MAIN.MENU.EULA="Licentievoorwaarden"..PROC.LB.SE

                                              C:\Program Files (x86)\LicenseCrawler\is-8O4FV.tmp

                                              Download File
                                              Process:C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp
                                              File Type:Generic INItialization configuration [TEXT]
                                              Category:dropped
                                              Size (bytes):13640
                                              Entropy (8bit):6.129876438496049
                                              Encrypted:false
                                              SSDEEP:192:4KGdfV7nyFgS+rEou/YuwhvvCA/TVwg0IDxefGLaNRNtU/OAtHvMb2t7QaDy:4KipnmoaTwhiuzpERbT
                                              MD5:E236F04597FBA91F069220326E0CCA6F
                                              SHA1:3D9801A36A39B429C17583F8763E3F012AD5E1E1
                                              SHA-256:A3D7484AAC7550A887C2004B9298D3092CB6FDF995A9C7463979005D40737491
                                              SHA-512:7CBE4ECD4E45A81974057B1C7FA33386126EC9A326DAE7F952911982BE3D4569188AFFAC61FA50DB92505290BA76A852D7220EFEDA07544687BA4BAE6187409E
                                              Malicious:false
                                              Preview:[Common]..CONTROL=LicenseCrawler..Flag=%app.path%\de.gif..Name=Russian..ID=RU..Version=1.28......[TEXT]..MAIN.MSG.SAVE_SETTTINGS=......... .........?..MAIN.CMD.ACCEPT=..........MAIN.CMD.DENY=.. ..........MAIN.CMD.SEARCH=&...... .......MAIN.CMD.EXIT=.......MAIN.CMD.OK=OK..MAIN.LB.COMPUTER=...........MAIN.LB.SEARCHING=..... .:..MAIN.TXT.STATUS=....... ...... ".....", ..... ......... .......MAIN.MSG.REGISTERED_MEMBERS_ONLY=...... ... ..............MAIN.MSG.BLACKLIST_LIMITATION=...... ....... ...... ............ ...... 2-. ......<BR>(........... .......... ......)<BR><BR>... ......... ........ ........ ....: www.klinzmann.name ...WHITELIST.CAPTION=....... ...... ........WHITELIST.CMD.CLOSE=.........WHITELIST.CMD.DEFAULTS=.. ...........NETBATCH.LISTVIEW.COMPUTERNAME=... ............NETBATCH.LISTVIEW.USERNAME=... ..............NETBATCH.LISTVIEW.STATUS=...........NETBATCH.CMD.CLOSE=.........NETBATCH.CMD.SCAN=.............NETBATCH.CMD.IMPORTEXPORT=....../.........NETBATCH.LISTVIEW.PASSWORD=..

                                              C:\Program Files (x86)\LicenseCrawler\is-AENC9.tmp

                                              Download File
                                              Process:C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp
                                              File Type:Generic INItialization configuration [TEXT]
                                              Category:dropped
                                              Size (bytes):2623
                                              Entropy (8bit):5.507897835463148
                                              Encrypted:false
                                              SSDEEP:48:QF86L3ARLQ2BMUmyMxoIc3cydy111bFdDVpVCdz4AmC8sKzf2DJrWuf1:p67ARQ2HmyMaOVHcdMr2JrWO1
                                              MD5:49046F6685E950324DCD0C155DB5B341
                                              SHA1:BCB9963280C962C3629A494FC9E041CD2C573481
                                              SHA-256:B80E6817F5BCD0BF202CD791CCCAFE72362A655D447EF24293CFF33B75B44F56
                                              SHA-512:701A0A240ADBC6253F19D3B0EAB168735857F8E027FA8171E92AFD59177B05E91C09DA4DDA8F08B34AB22A071473CBBC6CD11B72650C39178E57ACDB7AF9F235
                                              Malicious:false
                                              Preview:[Common]..CONTROL=LicenseCrawler..Flag=%app.path%\de.gif..Name=Spanish..ID=ES..Version=1.6......[TEXT]..MAIN.MSG.SAVE_SETTTINGS= ".Desea guardar los cambios?"..MAIN.CMD.ACCEPT= "Aceptar"..MAIN.CMD.DENY= "Denegar"..MAIN.CMD.SEARCH= "Buscar"..MAIN.CMD.EXIT= "Salir"..MAIN.CMD.OK="Aceptar"..MAIN.LB.COMPUTER="Ordenador"..MAIN.LB.SEARCHING="Buscando claves:"..MAIN.TXT.STATUS="Haz click en Buscar para iniciar la b.squeda"..MAIN.CHK.HIGHSPEED="Esc.n r.pido"..MAIN.CHK.64BIT="Esc.n 64 Bits"..MAIN.TAB.FILE="Archivo"..MAIN.TAB.HELP="Ayuda"..MAIN.MENU.SAVE="Guardar"..MAIN.MENU.SAVE_ENCRYPTED="Guardar Encriptado"..MAIN.MENU.SAVE_PROPERTIES=".Desea guardar los cambios"..MAIN.MENU.LOAD="Cargar"..MAIN.MENU.EXIT="Salir"..MAIN.MENU.MANUAL_ENTRY="Introducir manualmente"..MAIN.MENU.ADOBE_PRODUCT_INFORMATIONS="Adobe Product Informations"..MAIN.MENU.DECODE_ENCODE="Codificar / Decodificar"..MAIN.MENU.HELP="Ayuda"..MAIN.MENU.HOMEPAGE="Visitar Web"..MAIN.MENU.ABOUT="Acerca de"..MAIN.MENU.LANGUAGE="Idioma"..MAIN

                                              C:\Program Files (x86)\LicenseCrawler\is-AP8UM.tmp

                                              Download File
                                              Process:C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp
                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                              Category:dropped
                                              Size (bytes):1115416
                                              Entropy (8bit):5.754014151164735
                                              Encrypted:false
                                              SSDEEP:24576:GKbHrqj7wgMFeu5N/Uo8vsHbYrOXkYjsuer:dHrqj7y8mNhkYjsug
                                              MD5:5B7AD92F6EE50DF4134111EC3C652A24
                                              SHA1:EEDAD711FB3938F56B6C922B7AE28E33B2CFD092
                                              SHA-256:C0115B092F17D8356E957DD83FA7DFB8722D26097318FDF33640119CDF25B522
                                              SHA-512:150CDF518A162D74E58487D8CA5C51A264D417F0E0A04957885E578EBA4AC0C8468405BD702D58493F6F63D5D2840CB23306A1542718AFDDC009661FB67F58D1
                                              Malicious:false
                                              Antivirus:
                                              • Antivirus: ReversingLabs, Detection: 0%
                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........_.K.>...>...>..l"...>...!...>...!...>..Rich.>..........PE..L...q.~b.................`...........G.......p....@..........................p..............................................d^..(.......l]...............%..................................................(... ....................................text....].......`.................. ..`.data........p.......p..............@....rsrc...l].......`..................@..@..^............MSVBVM60.DLL....................................................................................................................................................................................................................................................................................................................................................................................................................................

                                              C:\Program Files (x86)\LicenseCrawler\is-E8KBF.tmp

                                              Download File
                                              Process:C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp
                                              File Type:Algol 68 source, Unicode text, UTF-16, little-endian text, with very long lines (880), with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):5644
                                              Entropy (8bit):3.8452954437582942
                                              Encrypted:false
                                              SSDEEP:96:rahfXYsnf7GuPcEdI9Xgn9lasqwepBVjuecOXlDOQgeOR32Soh5H2dppuuO0AONN:GhfTxPcsI9XArxjepBVjuecOXlDOQge0
                                              MD5:5727841E55989227C74D2213C30564FE
                                              SHA1:A97E08AFCD84BF2EA420AAD9A94FAF3E720F9AFF
                                              SHA-256:0473480ED58B378558A94F68E69D03F33E16C563523D6DB3BD0E1B20B24C0790
                                              SHA-512:1E2E5DCF25DA0D97E6EC6388BFD9A6EF2F652FF51F572CE70E3401F5C3386E17A2A322C0C82DD749B395C9D3E2F759F88171747A1BD577149F15237A1F620E86
                                              Malicious:false
                                              Preview:..[.C.o.m.m.o.n.].....C.O.N.T.R.O.L.=.L.i.c.e.n.s.e.C.r.a.w.l.e.r.....F.l.a.g.=.%.a.p.p...p.a.t.h.%.\.s.r...g.i.f.....N.a.m.e.=.S.e.r.b.i.a.n.....I.D.=.S.R.....V.e.r.s.i.o.n.=.1...6.............[.T.E.X.T.].....M.A.I.N...M.S.G...S.A.V.E._.S.E.T.T.T.I.N.G.S.=. .".S.a...u.v.a.j. .p.o.d.e.a.a.v.a.n.j.a.?.".....M.A.I.N...C.M.D...A.C.C.E.P.T.=. .".P.r.i.h.v.a.t.i.".....M.A.I.N...C.M.D...D.E.N.Y.=. .".P.o.n.i.a.t.i.".....M.A.I.N...C.M.D...S.E.A.R.C.H.=. .".T.r.a.~.i.".....M.A.I.N...C.M.D...E.X.I.T.=. .".I.z.l.a.z.".....M.A.I.N...C.M.D...O.K.=.".U. .r.e.d.u.".....M.A.I.N...L.B...C.O.M.P.U.T.E.R.=.".R.a...u.n.a.r.".....M.A.I.N...L.B...S.E.A.R.C.H.I.N.G.=.".P.r.e.t.r.a.~.i.v.a.n.j.e.:.".....M.A.I.N...T.X.T...S.T.A.T.U.S.=.".P.r.i.t.i.s.n.i. .d.u.g.m.e. .z.a. .p.o...e.t.a.k. .p.r.e.t.r.a.g.e.".....M.A.I.N...C.H.K...H.I.G.H.S.P.E.E.D.=.".S.k.e.n.i.r.a.n.j.e. .v.e.l.i.k.o.m. .b.r.z.i.n.o.m.".....M.A.I.N...C.H.K...6.4.B.I.T.=.".6.4. .B.i.t.-.n.o. .s.k.e.n.i.r.a.n.j.e.".....M.A.I.N...T.A.B...F.I.L.E.

                                              C:\Program Files (x86)\LicenseCrawler\is-F1FQD.tmp

                                              Download File
                                              Process:C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp
                                              File Type:Generic INItialization configuration [EULA]
                                              Category:dropped
                                              Size (bytes):9697
                                              Entropy (8bit):5.470321147197518
                                              Encrypted:false
                                              SSDEEP:192:CV8AA/RxDnOlpP6GWPGlcB3/xEnqRn4xGSfSB6xK/XHUcqpHz:K8r1nOlpyrhB3lR4xaB6xKqpT
                                              MD5:A5C3AFDE2B1043EDC740DFE04C2BF78A
                                              SHA1:A1019425DD4F515B13D6C6DF300295826BC6479C
                                              SHA-256:699A77A6589415B014060D69A8DBD6FB70CD2E4864395C40F00A3961F691FEB5
                                              SHA-512:5886A454076CC5AB1D1595405C67FD6BE04C42E18E4BAE7B21E912ABF5C1551BE313817FB8F47437F8544868CA8F8FC9D68258FB23D9A0FCEA250C1410B7172D
                                              Malicious:false
                                              Preview:[Common]..CONTROL=LicenseCrawler..Flag=%app.path%\de.gif..Name=French..ID=FR..Version=2.1....[EULA]..<#@APP.HEADER@#><#@HELP.ABOUT@#>..Pour les nouvelles versions et autres outils int.ressants, veuillez contacter:<BR>.. www.klinzmann.name<BR>.. E-Mail: info@klinzmann.name<BR><BR>..Contrat de licence:<BR>..Vous .tes libre de partager, de copier, de distribuer, de transmettre et d'utiliser<BR>..LicenseCrawler . des fins non commerciales...Si vous .tes int.ress. par les versions commerciales, veuillez nous envoyer un E-mail.<BR>..<BR>Utilisation priv.e gratuite!!<BR>..Si vous avez une minute, faites une photo de votre ville et envoyez-moi..un E-mail pour que je puisse voir o. vit le LicenseCrawler. ;-)..<BR>LicenseCrawler est fourni 'tel quel' et 'utilis. tel que vu'. Aucune expression quant . l'aptitude . l'emploi n'est faite. La d.cision d'utiliser ou non ces LicenseCrawler n'appartient qu'. vous. En choisissant d'utiliser LicenseCrawler, vous acceptez l'enti.re responsabilit. de to

                                              C:\Program Files (x86)\LicenseCrawler\is-H8UC8.tmp

                                              Download File
                                              Process:C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp
                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                              Category:dropped
                                              Size (bytes):2558939
                                              Entropy (8bit):6.362256284615226
                                              Encrypted:false
                                              SSDEEP:49152:og2qPtc1e5OS7bPGoUl+x/grN4azvchYk2Fz:ovqPCnrN4azvSYt
                                              MD5:68A6B99EDFA9BC00765A964F44A684CA
                                              SHA1:E42957C80F03AE93C9A4E2E415B5D1DEE8F45BCA
                                              SHA-256:42335AFF80ACD75376B9FF9096ADC40DA948ADF729ADC85DCBE6B78ECC0E5294
                                              SHA-512:B79CDDD8D3A574360DCD923FCFBF344CC63EC4B415463180F9648D67A97A83F52E236E3189A28F866D8C9FE20FEF46367F3DF304F728B58D1A11280C90C9C104
                                              Malicious:false
                                              Antivirus:
                                              • Antivirus: ReversingLabs, Detection: 4%
                                              Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....]..................$...........$.......$...@...........................'...........@......@....................&.......%..5...@&..D...................................................0&.....................D.%.@.....&......................text...8.$.......$................. ..`.itext...&....$..(....$............. ..`.data...DZ....$..\....$.............@....bss.....q...@%..........................idata...5....%..6...(%.............@....didata.......&......^%.............@....edata........&......h%.............@..@.tls....D.... &..........................rdata..]....0&......j%.............@..@.rsrc....D...@&..D...l%.............@..@..............'.......&.............@..@........................................................

                                              C:\Program Files (x86)\LicenseCrawler\is-HGF3P.tmp

                                              Download File
                                              Process:C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp
                                              File Type:Generic INItialization configuration [TEXT]
                                              Category:dropped
                                              Size (bytes):2348
                                              Entropy (8bit):6.369098970659711
                                              Encrypted:false
                                              SSDEEP:48:QFYSCsRG3Kj454XLlvaMXLZe1i1bW0jK29Zp1:YYPsdj24XM0e29Zp1
                                              MD5:56D9432406AFE6A13D3E5D11DC7DBAB5
                                              SHA1:65A29E52518916B2A7A154263C08BC4ACA0F6DDB
                                              SHA-256:A3C9575B34F51B106CB843ED104D7477EA90DBA62B3076F2F3677061775394A6
                                              SHA-512:CA6066A64C5865F5CE5CF11892255F59F8CEE043923AEB63D0136BBC84C26B4304536DDEDDD0551F9F5F0BBCD4B3E3F44619790EC0A444EB73BC094E35B0DE8D
                                              Malicious:false
                                              Preview:[Common]..CONTROL=LicenseCrawler..Flag=%app.path%\de.gif..Name=Taiwan..ID=Cht..Version=1.6......[TEXT]..MAIN.MSG.SAVE_SETTTINGS= ".x.s.].w?"..MAIN.CMD.ACCEPT= "...."..MAIN.CMD.DENY= "..."..MAIN.CMD.SEARCH= ".j.M"..MAIN.CMD.EXIT= "...}"..MAIN.CMD.OK=".T.w"..MAIN.LB.COMPUTER=".q.."..MAIN.LB.SEARCHING=".j.M.K._:"..MAIN.TXT.STATUS="....j.M.s.A.}.l.j.M"..MAIN.CHK.HIGHSPEED="..t.j.M"..MAIN.CHK.64BIT="64...j.M"..MAIN.TAB.FILE="..."..MAIN.TAB.HELP="...."..MAIN.MENU.SAVE=".x.s"..MAIN.MENU.SAVE_ENCRYPTED=".[.K.x.s"..MAIN.MENU.SAVE_PROPERTIES=".x.s.S.."..MAIN.MENU.LOAD="...J"..MAIN.MENU.EXIT="...}"..MAIN.MENU.MANUAL_ENTRY="....J"..MAIN.MENU.DECODE_ENCODE="..X/.s.X"..MAIN.MENU.ADOBE_PRODUCT_INFORMATIONS="Adobe Product Informations"..MAIN.MENU.HELP="...."..MAIN.MENU.HOMEPAGE=".s......"..MAIN.MENU.ABOUT="......"..MAIN.MENU.LANGUAGE=".y.."..MAIN.MENU.EULA="...v...."..PROC.LB.SEARCHING_COMPUTER=".j.M.q.."..DEC_ENC.CMD.OK=".T.w"..DEC_ENC.CMD.CLOSE="...."..DEC_ENC.LB.SOURCE="...:"..DEC_ENC.LB

                                              C:\Program Files (x86)\LicenseCrawler\is-HOVRP.tmp

                                              Download File
                                              Process:C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp
                                              File Type:Generic INItialization configuration [EULA]
                                              Category:dropped
                                              Size (bytes):14417
                                              Entropy (8bit):5.393111287798899
                                              Encrypted:false
                                              SSDEEP:192:nAoWy5xEidZrZ75OGTdlpBs8vxgXBvlwWIEoWuQHtssFv1Wne0z5LY5m:AUvJ5OCL27TgQH1a
                                              MD5:4CB21FD558091782110C493BDFB49177
                                              SHA1:78D9F97B3D5BD097296A8412557C090783920652
                                              SHA-256:529695C4C6DC098EE4493FA589EA87D08E2C18099F4779ACBA4FFC0006138121
                                              SHA-512:31D60368325CD4E3CE3D7C15571F205270C95FD154AEA375BB0A68ED3497EF1AE2EC82A9CADF5C87248D73D556E58FC8A9B98BC3BC4D9D6B56346BF6FE17EDB3
                                              Malicious:false
                                              Preview:[Common]..Control=LicenseCrawler..Flag=Flag..Name=FINNISH..ID=FIN..Version=1.47..[EULA]..<#@APP.HEADER@#><#@HELP.ABOUT@#>..Uusista versioista ja muista kiinnostavista ty.kaluista, ota yhteytt.:.. www.klinzmann.name.. E-Mail: info@klinzmann.name<BR>..Liisenssi Ehdot:..Voit vapaasti jakaa, kopioida, levitt.., v.litt.. ja k.ytt....LicenseCrawleria ei-kaupallisiin tarkoituksiin...Jos olet kiinnostunut kaupallisesta versiosta, l.het. meille s.hk.postia...<BR>VAPAASTI Yksityisk.yt.ss. !!<BR>..Jos sinulla on hetki aikaa, tee kuva omasta kaupungistasi ja l.het. se minulle..s.hk.postilla jotta voin n.hd., miss. LicenseCrawleria k.ytet..n. ;-)..<BR>LicenseCrawler tarjotaan "sellaisenaan" ja "k.ytet..n n.htyn.". Testi. ohjelman k.ytett.vyydest. tarkoituksen ei ole tehty. P..t.s siit. k.yt.tk. LicenseCrawleria on yksin sinun. K.ytt.m.ll. LicenseCrawleria, otat t.yden vastuun haitoista ohjelman k.yt.ss.. Olet vastuussa kaikesta vahingosta, mukaan lukien rajoitukset jotka johtuvat huolimattomuu

                                              C:\Program Files (x86)\LicenseCrawler\is-HVJMT.tmp

                                              Download File
                                              Process:C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp
                                              File Type:Non-ISO extended-ASCII text, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):2813
                                              Entropy (8bit):4.88908179064068
                                              Encrypted:false
                                              SSDEEP:48:3k2EvdD2EXMhEKsTuemYA1v6vIqUI2KcA:3+WimT+vJ
                                              MD5:79E18BC8A432F6625CBE4ECA5210AF1F
                                              SHA1:F16A870D5525A84AA7C99E5270ECA7B868D3EAF6
                                              SHA-256:FD5033AA98700CE869BB02D9BE2145CCF079D41A57F20D4AF1E5FBFCD4153452
                                              SHA-512:F4E22B97D7B96F54A0F0FE4675521ADB1B08F5B8687BFA39585C5AE97B4AEECEEDA834790C8B49E6CD091EC0374E286BEFB7A786AC49A33BE9379AC8433EDB76
                                              Malicious:false
                                              Preview:The language files (*.lc) are optional...You can delete the files to save disk space....-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#....Run the LicenseCrawler as an administrator..Navigate to the program folder of the LicenseCrawler.exe ..Right-click the program icon (the .exe file)...Choose Run As Administrator...If you see a User Account Control prompt, accept it.....-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#....FAQ....Run-Time error '339':..Component 'mscomctl.ocx' or one of its dependencies not correctly registered: a file is missing os invalid....Solution:..Navigate to the program folder of the LicenseCrawler.exe ..Right-click the program icon (the .exe file)...Choose Run As Administrator...If you see a User Account Control prompt, accept it.....-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#....LicenseCrawler Windows License Key Scanner ..Copyright . Martin Klinzmann, www.klinzmann.name.. ..The LicenseCrawler can help you find

                                              C:\Program Files (x86)\LicenseCrawler\is-ITLPP.tmp

                                              Download File
                                              Process:C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp
                                              File Type:Generic INItialization configuration [EULA]
                                              Category:dropped
                                              Size (bytes):6411
                                              Entropy (8bit):5.438413582325186
                                              Encrypted:false
                                              SSDEEP:192:qXodnk9FBf/azOEnuN5DJSh2oW9ubTlybpx:q59FBaz7ush2mTEb7
                                              MD5:1C0D04C7D13ED6BD15CA90E9A7F0F422
                                              SHA1:F56F19A2647751889F1E73456219F1AC77690466
                                              SHA-256:DC7E0DC1758546DB3FDD937519FDE99CAEE7A91EF9842D23F1D99906F2FA27FA
                                              SHA-512:996D4DDF892E5242A5380613010E45815920C4798E69FE84942E6678C1953BF32C04F5250B70AF765C963ABDB31A3C1E2F4DB56C9010A60871740037D50A2F8D
                                              Malicious:false
                                              Preview:[Common]..CONTROL=LicenseCrawler..Name=Deutsch..ID=DE..Version=1.6....[EULA]..<#@APP.HEADER@#><#@HELP.ABOUT@#>..Lizenzbedingungen:<BR>..Gewerbliche / Komerzeille Nutzung<BR>..Eine Lizenz f.r gewerbliche / kommerzielle Nutzung erhalten Sie auf unserer Homepage www.klinzmann.name<BR>..<BR>..Private Nutzung<BR>..Privatanwender k.nnen den LicenseCrawler kostenlos verwenden!<BR>..Sie haben aber auch als Privatanwender die M.glichkeit eine Private Lizenz zu kaufen...Jede Lizenz unterst.tzt dieses Projekt und sorgt daf.r, dass der LicenseCrawler weiterentwickelt wird.<BR>..Es w.rde uns freuen von Ihnen ein Foto aus Ihrer Heimat zu bekommen. ..Es interessiert uns sehr, wo der LicenseCrawler ein neues Zuhause gefunden hat.<BR>..<BR>..Presse und Online Platformen<BR>..Die Verbreitung dieser Software ist erlaubt.<BR>..Das ver.ffentlichen des LicenseCrawler in Magazinen, Download Plattformen und Datentr.gern ist erlaubt. <BR>..<BR>..Das Herunterladen und die Verwendung des Progamms erfolgt auf eig

                                              C:\Program Files (x86)\LicenseCrawler\is-J2R4O.tmp

                                              Download File
                                              Process:C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp
                                              File Type:Generic INItialization configuration [TEXT]
                                              Category:dropped
                                              Size (bytes):3323
                                              Entropy (8bit):5.914618261220392
                                              Encrypted:false
                                              SSDEEP:48:Q6ZVcMWLIf4zQmAiiU+osf5i5KYSm1pf1mq8s7PWz0dYIzT2o/2g1hP/fBZQeD2s:tZVcVLGm8dLs7smT2Q+m
                                              MD5:7D07F52A2A01910EB855B76CD53AAD59
                                              SHA1:A39DAF444F21440ADE97D2AC6B1333345289BBE3
                                              SHA-256:09352FB761F19F077FC9BD59EFE868689853368C97CC0ED47444C190B4972886
                                              SHA-512:D9E1A2C7597FB8D07016FD153C56ED9A4E9D7D98456FB9EB0172E167488EB64743E6A4840FE63D08279894CF457A2344E19CC0FDCE94550323DF73D96544365F
                                              Malicious:false
                                              Preview:[Common]..CONTROL=LicenseCrawler..Flag=%app.path%\de.gif..Name=Arabc..ID=AR..Version=1.6..[TEXT].."MAIN.MSG.SAVE_SETTTINGS= ""... .........?""".."MAIN.CMD.ACCEPT= ""....""".."MAIN.CMD.DENY= ""...""".."MAIN.CMD.SEARCH= ""...""".."MAIN.CMD.EXIT= ""....""".."MAIN.CMD.OK="".....""".."MAIN.LB.COMPUTER="".....""".."MAIN.LB.SEARCHING=""..... .. .....:""".."MAIN.TXT.STATUS="".... ... .. .... .....""".."MAIN.CHK.HIGHSPEED=""... ...... ..... ......""".."MAIN.CHK.64BIT=""64 Bit scan""".."MAIN.MSG.REGISTERED_MEMBERS_ONLY=""...... ... ..... www.klinzmann.name ... <BR><BR> (.. ...... ........)<BR> ... ...... ...... ... .. ...... .......""".."MAIN.MSG.BLACKLIST_LIMITATION=""...... ... ..... www.klinzmann.name ... <BR><BR> (.. ...... ........)<BR> ... ....... ....... ..... ....... ..... ....""".."MAIN.CHK.ENABLE_BLACKLIST=""...... ....... .......""".."MAIN.TAB.FILE=""...""".."MAIN.TAB.HELP=""......""".."MAIN.MENU.SAVE=""...""".."MAIN.MENU.SAVE_ENCRYPTED=""... ....... """.."MAIN.MENU.SAVE_PROPERTIES=""

                                              C:\Program Files (x86)\LicenseCrawler\is-O46IV.tmp

                                              Download File
                                              Process:C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp
                                              File Type:Generic INItialization configuration [TEXT]
                                              Category:dropped
                                              Size (bytes):2700
                                              Entropy (8bit):6.4305364922450154
                                              Encrypted:false
                                              SSDEEP:48:QATsa2L4AI8u9aydPIyoznSJqaz9Bf/deE1W1S0oLESjvUUzaeCu1GC:NsavA6aEeSJq20AES1epuoC
                                              MD5:4282FF7E302DF8B4A0E245A3B36C279C
                                              SHA1:3FD6228D105D780D45B03D55ED68304FE7F8BB1B
                                              SHA-256:1DC0D1CEBFA30BEE5542B1C62D98B52060C83279AFDDC6836640A95A30B06566
                                              SHA-512:D268F8817256C666FB41846AF9E480E613629C4F4469E420F9170595B00ED42714D3E268808D7D19DB48A73EC16C45FA6BC161CBEEA9EB877AAA952ED0678961
                                              Malicious:false
                                              Preview:[Common]..CONTROL=LicenseCrawler..Flag=%app.path%\de.gif..Name=Chinese Simplified..ID=CHN..Version=1.6....[TEXT]..MAIN.MSG.SAVE_SETTTINGS= "........?"..MAIN.CMD.ACCEPT= "..."..MAIN.CMD.DENY= "..."..MAIN.CMD.SEARCH= "...."..MAIN.CMD.EXIT= "..."..MAIN.CMD.OK="..."..MAIN.LB.COMPUTER="....."..MAIN.LB.SEARCHING=".......:"..MAIN.TXT.STATUS="............."..MAIN.CHK.HIGHSPEED="......."..MAIN.CHK.64BIT="64...."..MAIN.MSG.REGISTERED_MEMBERS_ONLY="..................<BR><BR>............ www.klinzmann.name ."..MAIN.MSG.BLACKLIST_LIMITATION=".......................<BR>(..........)<BR><BR>............ www.klinzmann.name ."..MAIN.CHK.ENABLE_BLACKLIST="............"..MAIN.TAB.FILE="..."..MAIN.TAB.HELP="...."..MAIN.MENU.SAVE="...."..MAIN.MENU.SAVE_ENCRYPTED="......."..MAIN.MENU.SAVE_PROPERTIES="........"..MAIN.MENU.LOAD="...."..MAIN.MENU.EXIT="..."..MAIN.MENU.MANUAL_ENTRY="......."..MAIN.MENU.ADOBE_PRODUCT_INFORMATIONS="Adobe ......"..MAIN.MENU.BLACKLIST_FILTERS="...

                                              C:\Program Files (x86)\LicenseCrawler\is-PEH4L.tmp

                                              Download File
                                              Process:C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp
                                              File Type:Generic INItialization configuration [TEXT]
                                              Category:dropped
                                              Size (bytes):2538
                                              Entropy (8bit):5.6217069335888015
                                              Encrypted:false
                                              SSDEEP:48:QKBDoPFrr8NFFD0wvQfdh6MdSiPLiB1n1H4RqjRaJ49FfH6V1:/o9rr8ZD0wv+hho4AUJ8FPI1
                                              MD5:E2A4B35936E18471635C27E23C5EB8B8
                                              SHA1:DAB1D3C5E637FEC27F8FDA04FF2F782DA54E229C
                                              SHA-256:B56643690505932653872CE93AC3FDFCC8133C2C7E616DEFE61E1AEC9415FBD9
                                              SHA-512:8C8460D28B14A283FB216DC0F5C1607AFF30461602E5AA6FE0B4A00AE01CBA390630AEB6D1C7FAA3DB11863B8F5038E7317956CD8366A6984848EB4FD9DCA4DF
                                              Malicious:false
                                              Preview:[Common]..CONTROL=LicenseCrawler..Flag=%app.path%\sv.gif..Name=Swedish..ID=SV..Version=1.6......[TEXT]..MAIN.MSG.SAVE_SETTTINGS= "Spara inst.llningar?"..MAIN.CMD.ACCEPT= "Acceptera"..MAIN.CMD.DENY= "Neka"..MAIN.CMD.SEARCH= "S.k"..MAIN.CMD.EXIT= "Avsluta"..MAIN.CMD.OK="OK"..MAIN.LB.COMPUTER="Dator"..MAIN.LB.SEARCHING="Skannar:"..MAIN.TXT.STATUS="Tryck p. "S.k" f.r att starta skanning"..MAIN.CHK.HIGHSPEED="Snabbskanning"..MAIN.CHK.64BIT="64-bit skanning"..MAIN.TAB.FILE="Arkiv"..MAIN.TAB.HELP="Hj.lp"..MAIN.MENU.SAVE="Spara"..MAIN.MENU.SAVE_ENCRYPTED="Spara krypterat"..MAIN.MENU.SAVE_PROPERTIES="Spara inst.llningar"..MAIN.MENU.LOAD=".ppna"..MAIN.MENU.EXIT="Avsluta"..MAIN.MENU.MANUAL_ENTRY="Manuellt"..MAIN.MENU.LANGUAGE="Spr.k"..MAIN.MENU.DECODE_ENCODE="Kryptera/Dekryptera"..MAIN.MENU.ADOBE_PRODUCT_INFORMATIONS="Adobe Product Informations"..MAIN.MENU.HELP="Hj.lp"..MAIN.MENU.LICENSE_TERMS="Licensvillkor"..MAIN.MENU.HOMEPAGE="Bes.k hemsidan"..MAIN.MENU.ABOUT="Om"..PROC.LB.SEARCHING_COMPUTER="

                                              C:\Program Files (x86)\LicenseCrawler\is-Q4CN3.tmp

                                              Download File
                                              Process:C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp
                                              File Type:Generic INItialization configuration [EULA]
                                              Category:dropped
                                              Size (bytes):5260
                                              Entropy (8bit):6.213140969038756
                                              Encrypted:false
                                              SSDEEP:96:N84mYnl367V4hDHEM/phvFSQoIUx4xgAuyUvnVfKhcG2QZeYZM:NqANfVUqxgNfQhR2sM
                                              MD5:86B5A98BEEE186AE79CC9E064514BAB8
                                              SHA1:D06347B735998229AA0EC44797A23481EF71533F
                                              SHA-256:12C07BE9700841E07FB8D24C274FFFB51B88ABBCC77C5391B8B1D47234F97582
                                              SHA-512:C0144C4E4149117A5AFDB1DA14E5176A1D22E682917F4856FE8225575654E46CC2CE6FAE8F7F8E4ECC5C3695A180B5DD9E0F16AE975845A7A6FF6086ECC53703
                                              Malicious:false
                                              Preview:[Common]..CONTROL=LicenseCrawler..Flag=%app.path%\de.gif..Name=Japanese..ID=JP..Version=1.6....[EULA]..<#@APP.HEADER@#><#@HELP.ABOUT@#>............................ .......:.. www.klinzmann.name.. E-Mail: info@klinzmann.name<BR>...................................................LicenseCrawler............................E..............<BR>.............<BR>..If you find a minute, please make a picture of your town and send me..a mail so that i can see where the LicenseCrawler live. ;-)..<BR>LicenseCrawler......................... ..................... ....LicenseCrawler......................

                                              C:\Program Files (x86)\LicenseCrawler\is-QJMK4.tmp

                                              Download File
                                              Process:C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp
                                              File Type:Generic INItialization configuration [cmd_default]
                                              Category:dropped
                                              Size (bytes):93
                                              Entropy (8bit):4.751750081650309
                                              Encrypted:false
                                              SSDEEP:3:XvMPAXtE/hEr3IlDBlv+GhxLE2ovktX7vn:k4XtEheIZHxrLEX+7v
                                              MD5:16C6D14345F1192FDCDC7D534F3AFB73
                                              SHA1:77802A521D8C9EEF1CC8333C9DAAB4C49CEF1448
                                              SHA-256:6B4491161B46F7BABD33A79139411EB909F8AD1BA52834F788A18AD1F7C9EDE1
                                              SHA-512:24678FFDAE562593BD80F81AE2578F0C103FD0172A712BE3FD5A7FC3B83BF2C084013AD09F5818BCE0535FA32062B76FC2E6EF130C13E87283E594A84A0ECF7B
                                              Malicious:false
                                              Preview:[common]..LogFileFolder=%app.path%..[cmd_default]..[cmd_additional]..-SKIP_LicensingProduct..

                                              C:\Program Files (x86)\LicenseCrawler\is-RH7FH.tmp

                                              Download File
                                              Process:C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp
                                              File Type:Generic INItialization configuration [EULA]
                                              Category:dropped
                                              Size (bytes):4549
                                              Entropy (8bit):5.431604538714182
                                              Encrypted:false
                                              SSDEEP:48:QRirIlTBWTpLARyF1YKH5SthGxItFiDxavbJhgKUQbSIL/IA2i1N1VI3cMdYIzT3:qiYTBWuOZStMx4Oa9QQr6cBmT2QHWWj
                                              MD5:8BE2996EFB53E0DBFED3EE25BF4E0844
                                              SHA1:19C628CC817E6EB3F8904CD254A996EF164B0D46
                                              SHA-256:42407721E119EC66C6A644E11AA08BA18E290732EDC9BD11C391D92A0144C07D
                                              SHA-512:181C7162B44F53403198C85179F8E94A2145C2D84687871A4E6B4DE5C5078893C211934644F8CB919B259DF99F2583351B0A8664118734A648387B52F88B1C53
                                              Malicious:false
                                              Preview:[Common]..CONTROL=LicenseCrawler..Flag=%app.path%\de.gif..Name=English..ID=EN..Version=1.6....[EULA]..<#@APP.HEADER@#><#@HELP.ABOUT@#>..For new versions and other interesting tools please contact:.. www.klinzmann.name.. E-Mail: info@klinzmann.name<BR>..License Agreement:..You are free to share, to copy, distribute, transmit and use the..LicenseCrawler for non-commercial purposes...If you are interested in commercial versions, please send us an Email...<BR>Private use for free!!<BR>..If you find a minute, please make a picture of your town and send me..a mail so that i can see where the LicenseCrawler live. ;-)..<BR>The LicenseCrawler is provided 'as is' and 'used as seen'. No expression as to fitness of purpose is made. The decision as to whether to use these LicenseCrawler is yours alone. By choosing to use the LicenseCrawler, you accept full responsibility for any liability arising out of their use. You are liable for any damages whatsoever, including but not limited to, any dama

                                              C:\Program Files (x86)\LicenseCrawler\is-RSDUH.tmp

                                              Download File
                                              Process:C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp
                                              File Type:Generic INItialization configuration [EULA]
                                              Category:dropped
                                              Size (bytes):5921
                                              Entropy (8bit):5.329619776648303
                                              Encrypted:false
                                              SSDEEP:96:haiOI9GyhAb8qOCBOk5wDqmMhJgJPbXUO/V5mzEc3va7x0QmT2Qlo52:h3O4qOCBO7qmM8JPjU25mz0GQmT2n2
                                              MD5:6E3A4564A97FFAC7EE61CDB33F3F0629
                                              SHA1:5D74FE98AE636AFC05CE2DDE01BE5E5AFED76064
                                              SHA-256:B571ADDF0D5D8C9C931398D59B8E7CF13794B7C43864008BBAC762E4A3B32BE3
                                              SHA-512:D85CF064153AEB0C8C98A78AB11A183FDA8E1CF57205C014AEE0BA5011BABC12F6C146532B6F1FD1AF70BF9638A1138307F2522E74253E2A2C5D4ABD4189AE3D
                                              Malicious:false
                                              Preview:[Common]..CONTROL=LicenseCrawler..Flag=%app.path%\it.gif..Name=Italian..ID=IT..Version=1.6....[EULA]..<#@APP.HEADER@#><#@HELP.ABOUT@#>..Per nuova versioni e altri programmi interessanti contattate:.. www.klinzmann.name.. E-Mail: info@klinzmann.name<BR>..Accordo di licenza:..Siete liberi di condividere, copiare, distribuire, trasmettere e usare..LicenseCrawler per scopi non commerciali...Se siete interessati alle versioni commerciali, inviateci un'Email...<BR>L'uso personale . gratuito!!<BR>..Se avete un minuto, fate una foto alla vostra citt. e inviatemi..unaa mail in modo da vedere dove abita LicenseCrawler. ;-)..<BR>LicenseCrawler . fornito 'cos. com'.' e 'usato come lo vedete'. Non viene fatta nessuna espressione di adattamento per uno scopo. La decisione su se e come usare LicenseCrawler spetta a voi solamente. Scegliendo di usare LicenseCrawler, accettate la piena responsabilit. per qualsiasi reato derivante dal suo uso. Siete responsabili per qualsiasi danno in qualunque form

                                              C:\Program Files (x86)\LicenseCrawler\is-UHALS.tmp

                                              Download File
                                              Process:C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp
                                              File Type:Generic INItialization configuration [TEXT]
                                              Category:dropped
                                              Size (bytes):2816
                                              Entropy (8bit):5.699138169490688
                                              Encrypted:false
                                              SSDEEP:48:QBtUh79BdvsU8cQU+SS27e+Cc1k1/ZC4yMI3Qb/W/UFDRfc2:sKh79B97f54Y4rFfH
                                              MD5:486719572DDB2CE6BBFBDE65BEB415AD
                                              SHA1:95B9A31AFDF80039FED7373F1911A2B93B89528B
                                              SHA-256:CBD4BCFA643CD22430FD0C7EBE89BECBCAB2EEABEC10995C452B6DB68F18FFAC
                                              SHA-512:4AF52006B5BBCC1AF9D05BBF49202ED8C89B14330908D518A68BDCCC55BF8E8FF5740B1A1595CB78F85E9E7BB48EBCD711CA0369A6A98C4829565BAF5AD2E635
                                              Malicious:false
                                              Preview:[Common]..CONTROL=LicenseCrawler..Flag=%app.path%\hu.gif..Name=Hungarian..ID=HU..Version=1.6......[TEXT]..MAIN.MSG.SAVE_SETTTINGS= "Mentse a be.ll.t.sokat?"..MAIN.CMD.ACCEPT= "Elfogad"..MAIN.CMD.DENY= "Elutas.t"..MAIN.CMD.SEARCH= "Keres.s"..MAIN.CMD.EXIT= "Kil.p.s"..MAIN.CMD.OK="OK"..MAIN.LB.COMPUTER="Sz.m.t.g.p"..MAIN.LB.SEARCHING="Kulcs keres.se:"..MAIN.TXT.STATUS="Kattints a gombra a kezd.shez"..MAIN.CHK.HIGHSPEED="Gyorskeres.s"..MAIN.CHK.64BIT="64 bites keres.s"..MAIN.TAB.FILE="F.jl"..MAIN.TAB.HELP="S.g."..MAIN.MENU.SAVE="Ment.s"..MAIN.MENU.SAVE_ENCRYPTED="Titkos.tott ment.s"..MAIN.MENU.SAVE_PROPERTIES="Tulajdons.gok ment.se"..MAIN.MENU.LOAD="Bet.lt"..MAIN.MENU.EXIT="Kil.p.s"..MAIN.MENU.MANUAL_ENTRY="K.zi bejegyz.s"..MAIN.MENU.ADOBE_PRODUCT_INFORMATIONS="Adobe Product Informations"..MAIN.MENU.DECODE_ENCODE="K.dol.s \ Dek.dol.s"..MAIN.MENU.HELP="S.g."..MAIN.MENU.HOMEPAGE="Honlap megl.togat.sa"..MAIN.MENU.ABOUT="N.vjegy"..MAIN.MENU.LANGUAGE="Nyelv"..MAIN.MENU.EULA="Licensz"..PROC.LB.

                                              C:\Program Files (x86)\LicenseCrawler\readme.txt (copy)

                                              Download File
                                              Process:C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp
                                              File Type:Non-ISO extended-ASCII text, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):2813
                                              Entropy (8bit):4.88908179064068
                                              Encrypted:false
                                              SSDEEP:48:3k2EvdD2EXMhEKsTuemYA1v6vIqUI2KcA:3+WimT+vJ
                                              MD5:79E18BC8A432F6625CBE4ECA5210AF1F
                                              SHA1:F16A870D5525A84AA7C99E5270ECA7B868D3EAF6
                                              SHA-256:FD5033AA98700CE869BB02D9BE2145CCF079D41A57F20D4AF1E5FBFCD4153452
                                              SHA-512:F4E22B97D7B96F54A0F0FE4675521ADB1B08F5B8687BFA39585C5AE97B4AEECEEDA834790C8B49E6CD091EC0374E286BEFB7A786AC49A33BE9379AC8433EDB76
                                              Malicious:false
                                              Preview:The language files (*.lc) are optional...You can delete the files to save disk space....-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#....Run the LicenseCrawler as an administrator..Navigate to the program folder of the LicenseCrawler.exe ..Right-click the program icon (the .exe file)...Choose Run As Administrator...If you see a User Account Control prompt, accept it.....-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#....FAQ....Run-Time error '339':..Component 'mscomctl.ocx' or one of its dependencies not correctly registered: a file is missing os invalid....Solution:..Navigate to the program folder of the LicenseCrawler.exe ..Right-click the program icon (the .exe file)...Choose Run As Administrator...If you see a User Account Control prompt, accept it.....-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#....LicenseCrawler Windows License Key Scanner ..Copyright . Martin Klinzmann, www.klinzmann.name.. ..The LicenseCrawler can help you find

                                              C:\Program Files (x86)\LicenseCrawler\unins000.dat

                                              Download File
                                              Process:C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp
                                              File Type:InnoSetup Log LicenseCrawler, version 0x418, 8124 bytes, 767668\37\user\376, C:\Program Files (x86)\LicenseCrawler\376\
                                              Category:dropped
                                              Size (bytes):8124
                                              Entropy (8bit):3.823639274562208
                                              Encrypted:false
                                              SSDEEP:96:xr1qOLxQqgisbziB/C1bcuJlEDA4MZAegL3wmtJIjgR64lAn6zavYTBICtb6VHhw:F1iqgLbziB6bP4DSUqhM1b6VHC
                                              MD5:4925A85AD3BE114D0C28938F031F3A9E
                                              SHA1:6FEB7F0ED8FDD413D492D986F3B332990E115916
                                              SHA-256:1C1AE079886D40611CA76431008D11973B15666BA4F6E76AEF76A947AAC4C67E
                                              SHA-512:522821DD5048A98A4E5DEB42DB9C8368255C58081800A474758F84A803DAFB97D2A43658DC16C7A3C482BCA9A0EA70578433E12ADF10D828BB9159397772945A
                                              Malicious:false
                                              Preview:Inno Setup Uninstall Log (b)....................................LicenseCrawler..................................................................................................................LicenseCrawler..............................................................................................................................................................................................................................................p..........=..................7.6.7.6.6.8......h.a.r.d.z......C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.L.i.c.e.n.s.e.C.r.a.w.l.e.r....................... ..........:...IFPS...."........................................................................................................ANYMETHOD.....................................................................BOOLEAN..............TWIZARDFORM....TWIZARDFORM.........TMAINFORM....TMAINFORM.........TUNINSTALLPROGRESSFORM....TUNINSTALLPROGRESSFORM.............TARRAYOFINTEGER.................!MAIN....-1

                                              C:\Program Files (x86)\LicenseCrawler\unins000.exe (copy)

                                              Download File
                                              Process:C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp
                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                              Category:dropped
                                              Size (bytes):2558939
                                              Entropy (8bit):6.362256284615226
                                              Encrypted:false
                                              SSDEEP:49152:og2qPtc1e5OS7bPGoUl+x/grN4azvchYk2Fz:ovqPCnrN4azvSYt
                                              MD5:68A6B99EDFA9BC00765A964F44A684CA
                                              SHA1:E42957C80F03AE93C9A4E2E415B5D1DEE8F45BCA
                                              SHA-256:42335AFF80ACD75376B9FF9096ADC40DA948ADF729ADC85DCBE6B78ECC0E5294
                                              SHA-512:B79CDDD8D3A574360DCD923FCFBF344CC63EC4B415463180F9648D67A97A83F52E236E3189A28F866D8C9FE20FEF46367F3DF304F728B58D1A11280C90C9C104
                                              Malicious:false
                                              Antivirus:
                                              • Antivirus: ReversingLabs, Detection: 4%
                                              Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....]..................$...........$.......$...@...........................'...........@......@....................&.......%..5...@&..D...................................................0&.....................D.%.@.....&......................text...8.$.......$................. ..`.itext...&....$..(....$............. ..`.data...DZ....$..\....$.............@....bss.....q...@%..........................idata...5....%..6...(%.............@....didata.......&......^%.............@....edata........&......h%.............@..@.tls....D.... &..........................rdata..]....0&......j%.............@..@.rsrc....D...@&..D...l%.............@..@..............'.......&.............@..@........................................................

                                              C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp

                                              Download File
                                              Process:C:\Users\user\Desktop\licensecrawler_setup.exe
                                              File Type:Unknown
                                              Category:dropped
                                              Size (bytes):2535424
                                              Entropy (8bit):6.378725232145821
                                              Encrypted:false
                                              SSDEEP:49152:gg2qPtc1e5OS7bPGoUl+x/grN4azvchYk2F:gvqPCnrN4azvSY
                                              MD5:84DB4B4205F705DA71471DC6ECC061F5
                                              SHA1:B90BAC8C13A1553D58FEEF95A2C41C64118B29CF
                                              SHA-256:647983EBDE53E0501FF1AF8EF6190DFEEA5CCC64CAF7DCE808F1E3D98FB66A3C
                                              SHA-512:C5803B63D33BB409433B496B83CA2A7359B4B1835815386206283B3AF5C54D7D1CB9E80244A888638C7703C4BF54E1B2C11BE6836F20B9FEA157AB92BFBF365A
                                              Malicious:true
                                              Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....]..................$...........$.......$...@...........................'...........@......@....................&.......%..5...@&..D...................................................0&.....................D.%.@.....&......................text...8.$.......$................. ..`.itext...&....$..(....$............. ..`.data...DZ....$..\....$.............@....bss.....q...@%..........................idata...5....%..6...(%.............@....didata.......&......^%.............@....edata........&......h%.............@..@.tls....D.... &..........................rdata..]....0&......j%.............@..@.rsrc....D...@&..D...l%.............@..@..............'.......&.............@..@........................................................

                                              C:\Users\user\AppData\Local\Temp\is-V7MGQ.tmp\_isetup\_setup64.tmp

                                              Download File
                                              Process:C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp
                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                              Category:dropped
                                              Size (bytes):6144
                                              Entropy (8bit):4.720366600008286
                                              Encrypted:false
                                              SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                              MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                              SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                              SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                              SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                              Malicious:false
                                              Antivirus:
                                              • Antivirus: ReversingLabs, Detection: 0%
                                              Joe Sandbox View:
                                              • Filename: file.exe, Detection: malicious, Browse
                                              • Filename: file.exe, Detection: malicious, Browse
                                              • Filename: SecuriteInfo.com.Trojan.Siggen18.59138.29444.26902.exe, Detection: malicious, Browse
                                              • Filename: file.exe, Detection: malicious, Browse
                                              • Filename: , Detection: malicious, Browse
                                              • Filename: file.exe, Detection: malicious, Browse
                                              • Filename: file.exe, Detection: malicious, Browse
                                              • Filename: , Detection: malicious, Browse
                                              • Filename: file.exe, Detection: malicious, Browse
                                              • Filename: file.exe, Detection: malicious, Browse
                                              • Filename: , Detection: malicious, Browse
                                              • Filename: , Detection: malicious, Browse
                                              • Filename: , Detection: malicious, Browse
                                              • Filename: GpPP25HfBe.exe, Detection: malicious, Browse
                                              • Filename: MSDisplay_MultiDev_v1.0.0.18.0.exe, Detection: malicious, Browse
                                              • Filename: sfk.exe, Detection: malicious, Browse
                                              • Filename: setup_installer.exe, Detection: malicious, Browse
                                              • Filename: install_setup.exe, Detection: malicious, Browse
                                              • Filename: file.exe, Detection: malicious, Browse
                                              • Filename: file.exe, Detection: malicious, Browse
                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....R..........#............................@.............................`.......,......................................................<!.......P..H....@..0.................................................................... ...............................text............................... ..`.rdata..|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...H....P......................@..@................................................................................................................................................................................................................................................................................................................................

                                              C:\Users\user\Desktop\LicenseCrawler.lnk

                                              Download File
                                              Process:C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp
                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Fri Nov 25 23:27:23 2022, mtime=Fri Nov 25 23:27:23 2022, atime=Sat May 14 02:00:20 2022, length=1115416, window=hide
                                              Category:dropped
                                              Size (bytes):1152
                                              Entropy (8bit):4.632217637970263
                                              Encrypted:false
                                              SSDEEP:24:8m0MVULdOEcmkiyAnJ4Dd5qgd5uUUPqbX7gNX7s7aB6m:8mpULdO2RJ4Dd5qgd53TXkNX1B6
                                              MD5:46A7E74D72FC0B1949C52689D4C6FBDB
                                              SHA1:D03946A058E233A2778B2252B5304C310A0BD182
                                              SHA-256:AC00CB09560974812F87AEF045301E269EA213BFE4711738B3059D23B4CBF02C
                                              SHA-512:F29F4D69D9CD9FB56226FE312350846BFC60890AD318FFB6350F8A15C0E8F25BE90411B5154A259F0FB3A3E5C0F4D2587D5640BF611BB5FAF2459C611C257BCC
                                              Malicious:false
                                              Preview:L..................F.... ....\..-.....-.....%.>g...............................P.O. .:i.....+00.../C:\.....................1......U...PROGRA~2.........L.zU[.....................V.....</..P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....f.1.....zUm...LICENS~1..N......zUl.zUm......E....................4..L.i.c.e.n.s.e.C.r.a.w.l.e.r.....r.2......T.. .LICENS~1.EXE..V......zUl.zUl......}........................L.i.c.e.n.s.e.C.r.a.w.l.e.r...e.x.e.......g...............-.......f...........%c.$.....C:\Program Files (x86)\LicenseCrawler\LicenseCrawler.exe..>.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.L.i.c.e.n.s.e.C.r.a.w.l.e.r.\.L.i.c.e.n.s.e.C.r.a.w.l.e.r...e.x.e.%.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.L.i.c.e.n.s.e.C.r.a.w.l.e.r.........*................@Z|...K.J.........`.......X.......767668...........!a..%.H.VZAj.................-..!a..%.H.VZAj.................-.............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2

                                              C:\Windows\SysWOW64\MSCmCDE.dll (copy)

                                              Download File
                                              Process:C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp
                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                              Category:dropped
                                              Size (bytes):158208
                                              Entropy (8bit):3.5990820344612815
                                              Encrypted:false
                                              SSDEEP:3072:SL+p+j4aTSpjwCUAPzh7LipZS8m5BqpeT6KmcVdS5yCF:Wp
                                              MD5:A6D3757A6C38789F9AE3DE145C25843C
                                              SHA1:894BF07EBD2FEBC46113C1EE50776880506EE2CB
                                              SHA-256:D906722020FC27A1A6C707F60B874304D45860431F93EB5DB0C5ECE7415EEF99
                                              SHA-512:DD45AAA1293340B28A855115DDA25DB2748340B9B5BA72D024FF79793DC313AA133730B2DAE42EDDC288CEEB366D7A5206A3E222FB0E0EBFAC719D7537DE20F5
                                              Malicious:false
                                              Antivirus:
                                              • Antivirus: ReversingLabs, Detection: 0%
                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...V..5...........!.........h....................x'................................b...................................................td...........................................................................................................rsrc....p.......f..................@....reloc...............h..............@..B.............................................................+ab............8....................... ................+ab............................................................(.......@.......X.......p........+ab........d.......e.......f.......}...................................0.......H.......`.......x...................................................^... .......8.......P.......h................................... .......!.......-.......z...(...{...@........+ab......O.....X.......p...................................................

                                              C:\Windows\SysWOW64\is-7EM95.tmp

                                              Download File
                                              Process:C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp
                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                              Category:dropped
                                              Size (bytes):158208
                                              Entropy (8bit):3.5990820344612815
                                              Encrypted:false
                                              SSDEEP:3072:SL+p+j4aTSpjwCUAPzh7LipZS8m5BqpeT6KmcVdS5yCF:Wp
                                              MD5:A6D3757A6C38789F9AE3DE145C25843C
                                              SHA1:894BF07EBD2FEBC46113C1EE50776880506EE2CB
                                              SHA-256:D906722020FC27A1A6C707F60B874304D45860431F93EB5DB0C5ECE7415EEF99
                                              SHA-512:DD45AAA1293340B28A855115DDA25DB2748340B9B5BA72D024FF79793DC313AA133730B2DAE42EDDC288CEEB366D7A5206A3E222FB0E0EBFAC719D7537DE20F5
                                              Malicious:false
                                              Antivirus:
                                              • Antivirus: ReversingLabs, Detection: 0%
                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...V..5...........!.........h....................x'................................b...................................................td...........................................................................................................rsrc....p.......f..................@....reloc...............h..............@..B.............................................................+ab............8....................... ................+ab............................................................(.......@.......X.......p........+ab........d.......e.......f.......}...................................0.......H.......`.......x...................................................^... .......8.......P.......h................................... .......!.......-.......z...(...{...@........+ab......O.....X.......p...................................................

                                              Static File Info

                                              General

                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                              Entropy (8bit):7.822729342220669
                                              TrID:
                                              • Win32 Executable (generic) a (10002005/4) 98.04%
                                              • Inno Setup installer (109748/4) 1.08%
                                              • InstallShield setup (43055/19) 0.42%
                                              • Win32 EXE PECompact compressed (generic) (41571/9) 0.41%
                                              • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                              File name:licensecrawler_setup.exe
                                              File size:2954648
                                              MD5:e7127c35fd5b4f803c83ce6ccec56b89
                                              SHA1:c5e3af5f059d7d53711878b87e32d8c9c7e05dc5
                                              SHA256:d96fa064822b2a93e39dc7b1546ede38a7d578682c5551d3be47b4b6fd4f4609
                                              SHA512:31911a1e3fd2e2d2642f3e05b6bf4632f98694f21995bbb3491950a8709b974df49c9f2571c60adc2c51e8a40150606877d40ab8e3ad977c0c93158a4a9e7f4f
                                              SSDEEP:49152:9csQ6QtOns5NibaUjJAjlTLbRzqAEJxl5hMG1Dw2hRngs9udI3WA2n5f5:91QTQsTib7jJaBfEJXsG1kEngs9udeWP
                                              TLSH:BED5F127B298653EC49A27360673A01068FBB76DF416BE1676F4C48DCF761C01E3EA25
                                              File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

                                              File Icon

                                              Icon Hash:a2a0b496b2caca72

                                              Static PE Info

                                              General

                                              Entrypoint:0x4a7ed0
                                              Entrypoint Section:.itext
                                              Digitally signed:true
                                              Imagebase:0x400000
                                              Subsystem:windows gui
                                              Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                              Time Stamp:0x5DA1B5ED [Sat Oct 12 11:15:57 2019 UTC]
                                              TLS Callbacks:
                                              CLR (.Net) Version:
                                              OS Version Major:6
                                              OS Version Minor:0
                                              File Version Major:6
                                              File Version Minor:0
                                              Subsystem Version Major:6
                                              Subsystem Version Minor:0
                                              Import Hash:eb5bc6ff6263b364dfbfb78bdb48ed59

                                              Authenticode Signature

                                              Signature Valid:true
                                              Signature Issuer:CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB
                                              Signature Validation Error:The operation completed successfully
                                              Error Number:0
                                              Not Before, Not After
                                              • 6/2/2020 5:00:00 PM 6/3/2022 4:59:59 PM
                                              Subject Chain
                                              • CN=Martin Klinzmann, O=Martin Klinzmann, STREET=Birkenstrasse 3, L=Leichlingen, S=Nordrhein-Westfalen, PostalCode=42799, C=DE
                                              Version:3
                                              Thumbprint MD5:ABCEA3BEE3664B3E1D07451C9706EF27
                                              Thumbprint SHA-1:12B2EC1A14FE4FFB9744F56073D5E169E9BA1561
                                              Thumbprint SHA-256:9751B37ABABA8ED90175432F2531DABBA307BA948CA2E9AF4284CEA3E690CCE6
                                              Serial:00EB695D55BFD3C97E89D079B7568500DD
                                              Instruction
                                              push ebp
                                              mov ebp, esp
                                              add esp, FFFFFFA4h
                                              push ebx
                                              push esi
                                              push edi
                                              xor eax, eax
                                              mov dword ptr [ebp-3Ch], eax
                                              mov dword ptr [ebp-40h], eax
                                              mov dword ptr [ebp-5Ch], eax
                                              mov dword ptr [ebp-30h], eax
                                              mov dword ptr [ebp-38h], eax
                                              mov dword ptr [ebp-34h], eax
                                              mov dword ptr [ebp-2Ch], eax
                                              mov dword ptr [ebp-28h], eax
                                              mov dword ptr [ebp-14h], eax
                                              mov eax, 004A2BC4h
                                              call 00007F4E7CB8EE3Dh
                                              xor eax, eax
                                              push ebp
                                              push 004A85C2h
                                              push dword ptr fs:[eax]
                                              mov dword ptr fs:[eax], esp
                                              xor edx, edx
                                              push ebp
                                              push 004A857Eh
                                              push dword ptr fs:[edx]
                                              mov dword ptr fs:[edx], esp
                                              mov eax, dword ptr [004B0634h]
                                              call 00007F4E7CC22F3Bh
                                              call 00007F4E7CC22A92h
                                              lea edx, dword ptr [ebp-14h]
                                              xor eax, eax
                                              call 00007F4E7CBA4468h
                                              mov edx, dword ptr [ebp-14h]
                                              mov eax, 004B3714h
                                              call 00007F4E7CB896C7h
                                              push 00000002h
                                              push 00000000h
                                              push 00000001h
                                              mov ecx, dword ptr [004B3714h]
                                              mov dl, 01h
                                              mov eax, dword ptr [00423698h]
                                              call 00007F4E7CBA54CFh
                                              mov dword ptr [004B3718h], eax
                                              xor edx, edx
                                              push ebp
                                              push 004A852Ah
                                              push dword ptr fs:[edx]
                                              mov dword ptr fs:[edx], esp
                                              call 00007F4E7CC22FC3h
                                              mov dword ptr [004B3720h], eax
                                              mov eax, dword ptr [004B3720h]
                                              cmp dword ptr [eax+0Ch], 01h
                                              jne 00007F4E7CC2987Ah
                                              mov eax, dword ptr [004B3720h]
                                              mov edx, 00000028h
                                              call 00007F4E7CBA5DC4h
                                              mov edx, dword ptr [004B3720h]
                                              NameVirtual AddressVirtual Size Is in Section
                                              IMAGE_DIRECTORY_ENTRY_EXPORT0xb60000x9a.edata
                                              IMAGE_DIRECTORY_ENTRY_IMPORT0xb40000xf1c.idata
                                              IMAGE_DIRECTORY_ENTRY_RESOURCE0xb90000x4600.rsrc
                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                              IMAGE_DIRECTORY_ENTRY_SECURITY0x2cf0780x2520
                                              IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                              IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                              IMAGE_DIRECTORY_ENTRY_TLS0xb80000x18.rdata
                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                              IMAGE_DIRECTORY_ENTRY_IAT0xb42e00x240.idata
                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0xb50000x1a4.didata
                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                              Sections

                                              NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                              .text0x10000xa50e80xa5200False0.35601136686222556data6.369284753795082IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                              .itext0xa70000x16680x1800False0.541015625data5.951810643537571IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                              .data0xa90000x37a40x3800False0.36063058035714285data5.035168539011174IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                              .bss0xad0000x67780x0False0empty0.0IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                              .idata0xb40000xf1c0x1000False0.36474609375data4.791610915860562IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                              .didata0xb50000x1a40x200False0.345703125data2.7458225536678693IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                              .edata0xb60000x9a0x200False0.2578125data1.881069204504408IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                              .tls0xb70000x180x0False0empty0.0IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                              .rdata0xb80000x5d0x200False0.189453125data1.3799881252217987IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                              .rsrc0xb90000x46000x4600False0.3229352678571429data4.442047201554272IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                              NameRVASizeTypeLanguageCountry
                                              RT_ICON0xb94c80x128Device independent bitmap graphic, 16 x 32 x 4, image size 192DutchNetherlands
                                              RT_ICON0xb95f00x568Device independent bitmap graphic, 16 x 32 x 8, image size 320DutchNetherlands
                                              RT_ICON0xb9b580x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 640DutchNetherlands
                                              RT_ICON0xb9e400x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1152DutchNetherlands
                                              RT_STRING0xba6e80x360data
                                              RT_STRING0xbaa480x260data
                                              RT_STRING0xbaca80x45cdata
                                              RT_STRING0xbb1040x40cdata
                                              RT_STRING0xbb5100x2d4data
                                              RT_STRING0xbb7e40xb8data
                                              RT_STRING0xbb89c0x9cdata
                                              RT_STRING0xbb9380x374data
                                              RT_STRING0xbbcac0x398data
                                              RT_STRING0xbc0440x368data
                                              RT_STRING0xbc3ac0x2a4data
                                              RT_RCDATA0xbc6500x10data
                                              RT_RCDATA0xbc6600x2c4data
                                              RT_RCDATA0xbc9240x2cdata
                                              RT_GROUP_ICON0xbc9500x3edataEnglishUnited States
                                              RT_VERSION0xbc9900x584dataEnglishUnited States
                                              RT_MANIFEST0xbcf140x62cXML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States
                                              DLLImport
                                              kernel32.dllGetACP, GetExitCodeProcess, LocalFree, CloseHandle, SizeofResource, VirtualProtect, VirtualFree, GetFullPathNameW, ExitProcess, HeapAlloc, GetCPInfoExW, RtlUnwind, GetCPInfo, GetStdHandle, GetModuleHandleW, FreeLibrary, HeapDestroy, ReadFile, CreateProcessW, GetLastError, GetModuleFileNameW, SetLastError, FindResourceW, CreateThread, CompareStringW, LoadLibraryA, ResetEvent, GetVersion, RaiseException, FormatMessageW, SwitchToThread, GetExitCodeThread, GetCurrentThread, LoadLibraryExW, LockResource, GetCurrentThreadId, UnhandledExceptionFilter, VirtualQuery, VirtualQueryEx, Sleep, EnterCriticalSection, SetFilePointer, LoadResource, SuspendThread, GetTickCount, GetFileSize, GetStartupInfoW, GetFileAttributesW, InitializeCriticalSection, GetThreadPriority, SetThreadPriority, GetCurrentProcess, VirtualAlloc, GetSystemInfo, GetCommandLineW, LeaveCriticalSection, GetProcAddress, ResumeThread, GetVersionExW, VerifyVersionInfoW, HeapCreate, GetWindowsDirectoryW, VerSetConditionMask, GetDiskFreeSpaceW, FindFirstFileW, GetUserDefaultUILanguage, lstrlenW, QueryPerformanceCounter, SetEndOfFile, HeapFree, WideCharToMultiByte, FindClose, MultiByteToWideChar, LoadLibraryW, SetEvent, CreateFileW, GetLocaleInfoW, GetSystemDirectoryW, DeleteFileW, GetLocalTime, GetEnvironmentVariableW, WaitForSingleObject, WriteFile, ExitThread, DeleteCriticalSection, TlsGetValue, GetDateFormatW, SetErrorMode, IsValidLocale, TlsSetValue, CreateDirectoryW, GetSystemDefaultUILanguage, EnumCalendarInfoW, LocalAlloc, GetUserDefaultLangID, RemoveDirectoryW, CreateEventW, SetThreadLocale, GetThreadLocale
                                              comctl32.dllInitCommonControls
                                              version.dllGetFileVersionInfoSizeW, VerQueryValueW, GetFileVersionInfoW
                                              user32.dllCreateWindowExW, TranslateMessage, CharLowerBuffW, CallWindowProcW, CharUpperW, PeekMessageW, GetSystemMetrics, SetWindowLongW, MessageBoxW, DestroyWindow, CharNextW, MsgWaitForMultipleObjects, LoadStringW, ExitWindowsEx, DispatchMessageW
                                              oleaut32.dllSysAllocStringLen, SafeArrayPtrOfIndex, VariantCopy, SafeArrayGetLBound, SafeArrayGetUBound, VariantInit, VariantClear, SysFreeString, SysReAllocStringLen, VariantChangeType, SafeArrayCreate
                                              netapi32.dllNetWkstaGetInfo, NetApiBufferFree
                                              advapi32.dllRegQueryValueExW, AdjustTokenPrivileges, LookupPrivilegeValueW, RegCloseKey, OpenProcessToken, RegOpenKeyExW
                                              NameOrdinalAddress
                                              TMethodImplementationIntercept30x453ac0
                                              __dbk_fcall_wrapper20x40d3dc
                                              dbkFCallWrapperAddr10x4b063c

                                              Possible Origin

                                              Language of compilation systemCountry where language is spokenMap
                                              DutchNetherlands
                                              EnglishUnited States

                                              Network Behavior

                                              No network behavior found

                                              Statistics

                                              CPU Usage

                                              Click to jump to process

                                              Memory Usage

                                              Click to jump to process

                                              High Level Behavior Distribution

                                              • File
                                              • Registry

                                              Click to dive into process behavior distribution

                                              Behavior

                                              Click to jump to process

                                              System Behavior

                                              General

                                              Target ID:0
                                              Start time:16:27:04
                                              Start date:25/11/2022
                                              Path:C:\Users\user\Desktop\licensecrawler_setup.exe
                                              Wow64 process (32bit):true
                                              Commandline:C:\Users\user\Desktop\licensecrawler_setup.exe
                                              Imagebase:0x400000
                                              File size:2954648 bytes
                                              MD5 hash:E7127C35FD5B4F803C83CE6CCEC56B89
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:Borland Delphi
                                              Reputation:low
                                              Show Windows behavior

                                              File Activities

                                              Show Windows behavior

                                              Section Activities

                                              Show Windows behavior

                                              Registry Activities

                                              There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                              Show Windows behavior

                                              Process Activities

                                              Show Windows behavior

                                              Thread Activities

                                              Show Windows behavior

                                              Memory Activities

                                              Show Windows behavior

                                              System Activities

                                              Show Windows behavior

                                              Windows UI Activities

                                              There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                                              General

                                              Target ID:1
                                              Start time:16:27:05
                                              Start date:25/11/2022
                                              Path:C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Users\user\AppData\Local\Temp\is-JONDA.tmp\licensecrawler_setup.tmp" /SL5="$802D4,2247177,721408,C:\Users\user\Desktop\licensecrawler_setup.exe"
                                              Imagebase:0x400000
                                              File size:2535424 bytes
                                              MD5 hash:84DB4B4205F705DA71471DC6ECC061F5
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:Borland Delphi
                                              Reputation:moderate
                                              Show Windows behavior

                                              File Activities

                                              Show Windows behavior

                                              Section Activities

                                              Show Windows behavior

                                              Registry Activities

                                              There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                              Show Windows behavior

                                              Process Activities

                                              Show Windows behavior

                                              Thread Activities

                                              Show Windows behavior

                                              Memory Activities

                                              Show Windows behavior

                                              System Activities

                                              There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                              Show Windows behavior

                                              Windows UI Activities

                                              There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                                              Disassembly

                                              No disassembly